Merge remote-tracking branch 'refs/remotes/origin/master' into sh-7291521

devices/surface-hub/TOC.md

@@ -19,7 +19,7 @@
 ### [Manage Microsoft Surface Hub](manage-surface-hub.md)
 #### [Accessibility](accessibility-surface-hub.md)
 #### [Change the Surface Hub device account](change-surface-hub-device-account.md)
-#### [Device reset](device-reset-suface-hub.md)
+#### [Device reset](device-reset-surface-hub.md)
 #### [End a Surface Hub meeting with I'm Done](i-am-done-finishing-your-surface-hub-meeting.md)
 #### [Install apps on your Surface Hub](install-apps-on-surface-hub.md)
 #### [Manage settings with a local admin account](manage-settings-with-local-admin-account-surface-hub.md)

devices/surface-hub/device-reset-suface-hub.md

@@ -2,6 +2,7 @@
 title: Device reset (Surface Hub)
 description: You may wish to reset your Microsoft Surface Hub.
 ms.assetid: 44E82EEE-1905-464B-A758-C2A1463909FF
+redirect_url: https://technet.microsoft.com/en-us/itpro/surface-hub/device-reset-surface-hub
 keywords: reset Surface Hub
 ms.prod: w10
 ms.mktglfcycl: manage
@@ -27,7 +28,10 @@ Initiating a reset will return the device to the last cumulative Windows update,
 -   MDM enrollment
 -   Domain join or Azure AD join information
 -   Local admins on the device
--   Configurations from MDM or the Settings app.
+-   Configurations from MDM or the Settings app
+
+**Important Note**</br>
+Performing a device reset may take up to 6 hours. Do not interrupt the reset process. Interrupting the process will render the device inoperable, requiring warranty service to return to normal functionality.
 
 After the reset, you'll be taken through the [first run program](first-run-program-surface-hub.md) again.
 

devices/surface-hub/device-reset-surface-hub.md

@@ -0,0 +1,42 @@
+---
+title: Device reset (Surface Hub)
+description: You may wish to reset your Microsoft Surface Hub.
+ms.assetid: 44E82EEE-1905-464B-A758-C2A1463909FF
+keywords: reset Surface Hub
+ms.prod: w10
+ms.mktglfcycl: manage
+ms.sitesec: library
+ms.pagetype: surfacehub
+author: TrudyHa
+---
+
+# Device reset (Surface Hub)
+
+
+You may wish to reset your Microsoft Surface Hub.
+
+Typical reasons for a reset include:
+
+-   The device isn’t running well after installing an update.
+-   You’re repurposing the device for a new meeting space and want to reconfigure it.
+-   You want to change how you locally manage the device.
+
+Initiating a reset will return the device to the last cumulative Windows update, and remove all local user files and configuration, including:
+
+-   The device account
+-   MDM enrollment
+-   Domain join or Azure AD join information
+-   Local admins on the device
+-   Configurations from MDM or the Settings app
+
+**Important Note**</br>
+Performing a device reset may take up to 6 hours. Do not interrupt the reset process. Interrupting the process will render the device inoperable, requiring warranty service to return to normal functionality.
+
+After the reset, you'll be taken through the [first run program](first-run-program-surface-hub.md) again.
+
+## Related topics
+
+
+[Manage Microsoft Surface Hub](manage-surface-hub.md)
+
+[Microsoft Surface Hub administrator's guide](surface-hub-administrators-guide.md)

devices/surface/TOC.md

@@ -13,4 +13,5 @@
 ### [Step by step: Surface Deployment Accelerator](step-by-step-surface-deployment-accelerator.md)
 ## [Surface Diagnostic Toolkit](surface-diagnostic-toolkit.md)
 ## [Surface Dock Updater](surface-dock-updater.md)
+## [Surface Enterprise Management Mode](surface-enterprise-management-mode.md)
 

devices/surface/index.md

@@ -1,6 +1,6 @@
 ---
 title: Surface (Surface)
-description: .
+description: 
 ms.assetid: 2a6aec85-b8e2-4784-8dc1-194ed5126a04
 ms.prod: w10
 ms.mktglfcycl: manage
@@ -86,6 +86,11 @@ For more information on planning for, deploying, and managing Surface devices in
 <td><p>[Surface Dock Updater](surface-dock-updater.md)</p></td>
 <td><p>Get a detailed walkthrough of Microsoft Surface Dock Updater.</p></td>
 </tr>
+<tr class="odd">
+<td><p>[Surface Enterprise Management Mode](surface-enterprise-management-mode.md)</p></td>
+<td><p>See how this feature of Surface devices with Surface UEFI allows you to secure and manage firmware settings within your organization.
+</p></td>
+</tr>
 </tbody>
 </table>
 

devices/surface/manage-surface-dock-firmware-updates.md

@@ -43,7 +43,7 @@ The Surface Dock firmware update process shown in Figure 1 follows these steps:
 
 8.  When the Surface Dock is disconnected for a second time, the Surface dock installs the firmware update to the DisplayPort chipset. This process takes up to 3 minutes to apply.
 
-![figure 1](images/manage-surface-dock-fig1-updateprocess.png)
+![Surface Dock firmware update process](images/manage-surface-dock-fig1-updateprocess.png "Surface Dock firmware update process")
 
 *1- Driver installation can be performed by Windows Update, manual installation, or automatically downloaded with Microsoft Surface Dock Updater*
 

devices/surface/manage-surface-uefi-settings.md

@@ -39,9 +39,9 @@ You will also find detailed information about the firmware of your Surface devic
 
 - Touch Firmware 
 
-*Figure 1. System information and firmware version information*
+![System information and firmware version information](images/manage-surface-uefi-figure-1.png "System information and firmware version information")
 
-![figure 1](images/manage-surface-uefi-figure-1.png)
+*Figure 1. System information and firmware version information*
 
 You can find up-to-date information about the latest firmware version for your Surface device in the [Surface Update History](https://www.microsoft.com/surface/en-us/support/install-update-activate/surface-update-history) for your device. 
 
@@ -59,21 +59,21 @@ On the **Security** page of Surface UEFI settings, you can set a password to pro
 
 The password must be at least 6 characters and is case sensitive. 
 
-*Figure 2. Add a password to protect Surface UEFI settings*
+![Add a password to protect Surface UEFI settings](images/manage-surface-uefi-fig2.png "Add a password to protect Surface UEFI settings")
 
-![figure 2](images/manage-surface-uefi-fig2.png)
+*Figure 2. Add a password to protect Surface UEFI settings*
 
 On the **Security** page you can also change the configuration of Secure Boot on your Surface device. Secure Boot technology prevents unauthorized boot code from booting on your Surface device, which protects against bootkit and rootkit-type malware infections. You can disable Secure Boot to allow your Surface device to boot third-party operating systems or bootable media. You can also configure Secure Boot to work with third-party certificates, as shown in Figure 3. Read more about [Secure Boot](https://msdn.microsoft.com/windows/hardware/commercialize/manufacture/desktop/secure-boot-overview) in the TechNet Library.
 
-*Figure 3. Configure Secure Boot* 
+![Configure Secure Boot](images/manage-surface-uefi-fig3.png "Configure Secure Boot")
 
-![figure 3](images/manage-surface-uefi-fig3.png)
+*Figure 3. Configure Secure Boot*
 
 You can also enable or disable the Trusted Platform Module (TPM) device on the **Security** page, as shown in Figure 4. The TPM is used to authenticate encryption for your device’s data with BitLocker. Read more about [BitLocker](https://technet.microsoft.com/en-us/itpro/windows/keep-secure/bitlocker-overview) in the TechNet Library. 
 
-*Figure 4. Configure Surface UEFI security settings*
+![Configure Surface UEFI security settings](images/manage-surface-uefi-fig4.png "Configure Surface UEFI security settings")
 
-![figure 4](images/manage-surface-uefi-fig4.png)
+*Figure 4. Configure Surface UEFI security settings*
 
 ##Devices 
 
@@ -95,9 +95,9 @@ On the **Devices** page you can enable or disable specific devices and component
 
 Each device is listed with a slider button that you can move to **On** (enabled) or **Off** (disabled) position, as shown in Figure 5. 
 
-*Figure 5. Enable and disable specific devices*
+![Enable and disable specific devices](images/manage-surface-uefi-fig5.png "Enable and disable specific devices")
 
-![figure 5](images/manage-surface-uefi-fig5.png)
+*Figure 5. Enable and disable specific devices*
 
 ##Boot configuration 
 
@@ -115,9 +115,9 @@ You can boot from a specific device immediately, or you can swipe left on that d
 
 For the specified boot order to take effect, you must set the **Enable Alternate Boot Sequence** option to **On**, as shown in Figure 6. 
 
-*Figure 6. Configure the boot order for your Surface device* 
+![Configure the boot order for your Surface device](images/manage-surface-uefi-fig6.png "Configure the boot order for your Surface device")
 
-![figure 6](images/manage-surface-uefi-fig6.png)
+*Figure 6. Configure the boot order for your Surface device* 
 
 You can also turn on and off IPv6 support for PXE with the **Enable IPv6 for PXE Network Boot** option, for example when performing a Windows deployment using PXE where the PXE server is configured for IPv4 only.  
 
@@ -125,14 +125,14 @@ You can also turn on and off IPv6 support for PXE with the **Enable IPv6 for PXE
 
 The **About** page displays regulatory information, such as compliance with FCC rules, as shown in Figure 7. 
 
-*Figure 7. Regulatory information is displayed on the About page*
+![Regulatory information displayed on the About page](images/manage-surface-uefi-fig7.png "Regulatory information displayed on the About page")
 
-![figure 7](images/manage-surface-uefi-fig7.png)
+*Figure 7. Regulatory information displayed on the About page*
 
 ##Exit 
 
 Use the **Restart Now** button on the **Exit** page to exit UEFI settings, as shown in Figure 8. 
 
-*Figure 8. Click Restart Now to exit Surface UEFI and restart the device*
+![Exit Surface UEFI and restart the device](images/manage-surface-uefi-fig8.png "Exit Surface UEFI and restart the device")
 
-![figure 8](images/manage-surface-uefi-fig8.png)
+*Figure 8. Click Restart Now to exit Surface UEFI and restart the device*

devices/surface/microsoft-surface-data-eraser.md

@@ -65,24 +65,24 @@ After the creation tool is installed, follow these steps to create a Microsoft S
 
 3.  Click **Start** to acknowledge that you have a USB stick of at least 4 GB connected, as shown in Figure 1.
 
-    ![figure 1](images/dataeraser-start-tool.png)
+    ![Start the Microsoft Surface Data Eraser tool](images/dataeraser-start-tool.png "Start the Microsoft Surface Data Eraser tool")
 
-    Figure 1. Start the Microsoft Surface Data Eraser tool
+    *Figure 1. Start the Microsoft Surface Data Eraser tool*
 
 4.  Select the USB drive of your choice from the **USB Thumb Drive Selection** page as shown in Figure 2, and then click **Start** to begin the USB creation process. The drive you select will be formatted and any existing data on this drive will be lost.
   >**Note:**  If the Start button is disabled, check that your removable drive has a total capacity of at least 4 GB.
   
-    ![figure 2](images/dataeraser-usb-selection.png)
+    ![USB thumb drive selection](images/dataeraser-usb-selection.png "USB thumb drive selection")
 
-    Figure 2. USB thumb drive selection
+    *Figure 2. USB thumb drive selection*
 
 5.  After the creation process is finished, the USB drive has been formatted and all binaries are copied to the USB drive. Click **Success**.
 
 6.  When the **Congratulations** screen is displayed, you can eject and remove the thumb drive. This thumb drive is now ready to be inserted into a Surface device, booted from, and wipe any data on the device. Click **Complete** to finish the USB creation process, as shown in Figure 3.
 
-    ![figure 3](images/dataeraser-complete-process.png)
+    ![Surface Data Eraser USB creation process](images/dataeraser-complete-process.png "Surface Data Eraser USB creation process")
 
-    Figure 3. Complete the Microsoft Surface Data Eraser USB creation process
+    *Figure 3. Complete the Microsoft Surface Data Eraser USB creation process*
 
 7.  Click **X** to close Microsoft Surface Data Eraser.
 
@@ -105,9 +105,9 @@ After you create a Microsoft Surface Data Eraser USB stick, you can boot a suppo
 
 3.  When the Surface device boots, a **SoftwareLicenseTerms** text file is displayed.
 
-    ![](images/data-eraser-3.png)
+    ![Booting the Microsoft Surface Data Eraser USB stick](images/data-eraser-3.png "Booting the Microsoft Surface Data Eraser USB stick")
 
-    Figure 4. Booting the Microsoft Surface Data Eraser USB stick
+    *Figure 4. Booting the Microsoft Surface Data Eraser USB stick*
 
 4.  Read the software license terms, and then close the notepad file.
 
@@ -123,9 +123,9 @@ After you create a Microsoft Surface Data Eraser USB stick, you can boot a suppo
 
 7.  If you typed **S** to begin the data erase process, the partition that will be erased is displayed, as shown in Figure 5. If this is correct, press **Y** to continue, or **N** to shut down the device.
 
-    ![](images/sda-fig5-erase.png)
+    ![Partition to be erased is displayed](images/sda-fig5-erase.png "Partition to be erased is displayed")
 
-    Figure 5. Partition to be erased is displayed in Microsoft Surface Data Eraser
+    *Figure 5. Partition to be erased is displayed in Microsoft Surface Data Eraser*
 
 8.  If you pressed **Y** in step 7, due to the destructive nature of the data erasure process, an additional dialog box is displayed to confirm your choice.
 

devices/surface/step-by-step-surface-deployment-accelerator.md

@@ -60,7 +60,7 @@ The following steps show you how to create a deployment share for Windows 10 th
   >**Note:**  As of SDA version 1.96.0405, SDA will install only the components of the Windows ADK that are required for deployment, as follows:
     * Deployment tools
     * User State Migration Tool (USMT)
-    * Windows Preinstallation Environment (WinPE)</br>
+    * Windows Preinstallation Environment (WinPE)</br></br>
 
   >**Note:**&nbsp;&nbsp;As of SDA version 1.96.0405, SDA will install and use MDT 2013 Update 2. Earlier versions of SDA are compatible only with MDT 2013 Update 1.
 
@@ -116,7 +116,7 @@ The following steps show you how to create a deployment share for Windows 10 th
 
     ![The installatin progress window](images/sdasteps-fig5-installwindow.png "The installatin progress window")
 
-    *Figure 5. The **Installation Progress** window*
+    *Figure 5. The Installation Progress window*
 
 8.  When the SDA process completes the creation of your deployment share, a **Success** window is displayed. Click **Finish** to close the window. At this point your deployment share is now ready to perform a Windows deployment to Surface devices.
 
@@ -250,7 +250,7 @@ After you have prepared the USB drive for boot, the next step is to generate off
 
     ![Select the Update Media Content option](images/sdasteps-fig12-updatemedia.png "Select the Update Media Content option")
     
-    *Figure 12. Select the **Update Media Content** option*
+    *Figure 12. Select the Update Media Content option*
 
 22. The **Update Media Content** window is displayed and shows the progress as the media files are created. When the process completes, click **Finish.**
 
@@ -358,7 +358,7 @@ To run the Deploy Microsoft Surface task sequence:
 
     ![Select the task sequence](images/sdasteps-fig15-deploy.png "Select the task sequence")
 
-    *Figure 15. Select the **1 – Deploy Microsoft Surface** task sequence*
+    *Figure 15. Select the 1 – Deploy Microsoft Surface task sequence*
 
 2.  On the **Computer Details** page, type a name for the Surface device in the **Computer Name** box. In the **Join a domain** section, type your domain name and credentials as shown in Figure 16, and then click **Next**.
 
@@ -378,7 +378,7 @@ To run the Deploy Microsoft Surface task sequence:
 
     ![Installation progress window](images/sdasteps-fig17-installprogresswindow.png "Installation progress window")
 
-    *Figure 17. The **Installation Progress** window*
+    *Figure 17. The Installation Progress window*
 
 8.  When the deployment task sequence completes, a **Success** window is displayed. Click **Finish** to complete the deployment and begin using your Surface device.
 

devices/surface/surface-dock-updater.md

@@ -34,15 +34,15 @@ To update a Surface Dock with Microsoft Surface Dock Updater, follow these steps
 
     -   If the tool determines that the firmware of your Surface Dock is up to date, a **You have the latest firmware for this Surface Dock** message is displayed, as shown in Figure 1.
 
-        ![figure 1](images/surfacedockupdater-fig1-uptodate-568pix.png)
+        ![Screen that shows your Surface Dock firmware is up to date](images/surfacedockupdater-fig1-uptodate-568pix.png "Screen that shows your Surface Dock firmware is up to date")
 
-        Figure 1. Your Surface Dock firmware is up to date.
+        *Figure 1. Your Surface Dock firmware is up to date*
 
     -   If Microsoft Surface Dock Updater determines that the firmware of your Surface Dock is not up to date, a **This Surface Dock is not running the latest firmware** message is displayed, as shown in Figure 2.
 
-        ![figure 2](images/surfacedockupdater-fig2a-needsupdating.png)
+        ![Screen that shows your Surface Dock firmware needs to be updated](images/surfacedockupdater-fig2a-needsupdating.png "Screen that shows your Surface Dock firmware needs to be updated")
 
-        Figure 2. Your Surface Dock firmware needs to be updated
+        *Figure 2. Your Surface Dock firmware needs to be updated*
 
 3.  To begin the firmware update process, click **Update** on the **Surface Dock Firmware** page.
 
@@ -50,27 +50,27 @@ To update a Surface Dock with Microsoft Surface Dock Updater, follow these steps
 
 5.  As the firmware update is uploaded to the Surface Dock, a **Progress** page is displayed, as shown in Figure 3. Do not disconnect the Surface Dock while firmware is being uploaded.
 
-    ![figure 3](images/surfacedockupdater-fig3-progress.png)
+    ![Progress of firmware update upload](images/surfacedockupdater-fig3-progress.png "Progress of firmware update upload")
 
-    Figure 3. Progress of firmware update upload to Surface Dock
+    *Figure 3. Progress of firmware update upload to Surface Dock*
 
 6.  After the firmware update has successfully uploaded to the Surface Dock, you are prompted to disconnect and then reconnect the Surface Dock from the Surface device, as shown in Figure 4. The main chipset firmware update will be applied while the Surface Dock is disconnected.
 
-    ![figure 4](images/surfacedockupdater-fig4-disconnect.png)
+    ![Disconnect and reconnect Surface Dock when prompted](images/surfacedockupdater-fig4-disconnect.png "Disconnect and reconnect Surface Dock when prompted")
 
-    Figure 4. Disconnect and reconnect Surface Dock when prompted
+    *Figure 4. Disconnect and reconnect Surface Dock when prompted*
 
 7.  When the main chipset firmware update is verified, the DisplayPort chipset firmware update will be uploaded to the Surface Dock. Upon completion, a **Success** page is displayed and you will again be prompted to disconnect the Surface Dock, as shown in Figure 5.
 
-    ![figure 5](images/surfacedockupdater-fig5-success.png)
+    ![Screen showing successful upload](images/surfacedockupdater-fig5-success.png "Screen showing successful upload")
 
-    Figure 5. Successful upload of Surface Dock firmware
+    *Figure 5. Successful upload of Surface Dock firmware*
 
 8.  After you disconnect the Surface Dock the DisplayPort firmware update will be installed. This process occurs on the Surface Dock hardware while it is disconnected. The Surface Dock must remain powered for up to 3 minutes after it has been disconnected for the firmware update to successfully install. An **Update in Progress** page is displayed (as shown in Figure 6), with a countdown timer to show the estimated time remaining to complete the firmware update installation.
 
-    ![figure 6](images/surfacedockupdater-fig6-countdown.png)
+    ![Countdown timer to complete firmware installation](images/surfacedockupdater-fig6-countdown.png "Countdown timer to complete firmware installation")
 
-    Figure 6. Countdown timer to complete firmware installation on Surface Dock
+    *Figure 6. Countdown timer to complete firmware installation on Surface Dock*
 
 9.  If you want to update multiple Surface Docks in one sitting, you can click the **Update another Surface Dock** button to begin the process on the next Surface Dock.
 
@@ -83,9 +83,9 @@ To update a Surface Dock with Microsoft Surface Dock Updater, follow these steps
 
 If the Surface Dock firmware update process encounters an installation error with either firmware update, the **Encountered an unexpected error** page may be displayed, as shown in Figure 7.
 
-![figure 7](images/surfacedockupdater-fig7-error.png)
+![Firmware update installation error](images/surfacedockupdater-fig7-error.png "Firmware update installation error")
 
-Figure 7. Firmware update installation has encountered an error
+*Figure 7. Firmware update installation has encountered an error*
 
 Microsoft Surface Dock Updater logs its progress into the Event Log, as shown in Figure 8. If you need to troubleshoot an update through this tool, you will find Surface Dock events recorded with the following event IDs:
 
@@ -97,9 +97,9 @@ Microsoft Surface Dock Updater logs its progress into the Event Log, as shown in
 | 12105    | Error                                                    |
 
 
-Figure 8. Surface Dock Updater events in Event Viewer
+![Surface Dock Updater events in Event Viewer](images/surfacedockupdater-fig8-737test.png "Surface Dock Updater events in Event Viewer")
 
-![figure 8](images/surfacedockupdater-fig8-737test.png)
+*Figure 8. Surface Dock Updater events in Event Viewer*
 
 
 ## Related topics

devices/surface/surface-enterprise-management-mode.md

@@ -0,0 +1,163 @@
+---
+title: Surface Enterprise Management Mode (Surface)
+description: See how this feature of Surface devices with Surface UEFI helps you secure and manage firmware settings within your organization.
+keywords: uefi, configure, firmware, secure, semm
+ms.prod: w10
+ms.mktglfcycl: manage
+ms.pagetype: surface, devices, security
+ms.sitesec: library
+author: jobotto
+---
+
+# Microsoft Surface Enterprise Management Mode
+
+Microsoft Surface Enterprise Management Mode (SEMM) is a feature of Surface devices with Surface UEFI that allows you to secure and manage firmware settings within your organization. With SEMM, IT professionals can prepare configurations of UEFI settings and install them on a Surface device. In addition to the ability to configure UEFI settings, SEMM also uses a certificate to protect the configuration from unauthorized tampering or removal.
+
+>**Note**:  SEMM is only available on devices with Surface UEFI firmware, such as Surface Pro 4 and Surface Book. For more information about Surface UEFI, see [Manage Surface UEFI Settings](https://technet.microsoft.com/en-us/itpro/surface/manage-surface-uefi-settings).
+
+When Surface devices are configured by SEMM and secured with the SEMM certificate, they are considered *enrolled* in SEMM. When the SEMM certificate is removed and control of UEFI settings is returned to the user of the device, the Surface device is considered *unenrolled* in SEMM.
+
+## Microsoft Surface UEFI Configurator
+
+The primary workspace of SEMM is Microsoft Surface UEFI Configurator, as shown in Figure 1. Microsoft Surface UEFI Configurator is a tool that is used to create Windows Installer (.msi) packages that are used to enroll, configure, and unenroll SEMM on a Surface device. These packages contain a configuration file where the settings for UEFI are specified. SEMM packages also contain a certificate that is installed and stored in firmware and used to verify the signature of configuration files before UEFI settings are applied.
+
+![Microsoft Surface UEFI Configurator](images\surface-ent-mgmt-fig1-uefi-configurator.png "Microsoft Surface UEFI Configurator")
+
+*Figure 1. Microsoft Surface UEFI Configurator*
+
+>**Note**:  Windows 10 is required to run Microsoft Surface UEFI Configurator
+
+You can use the Microsoft Surface UEFI Configurator tool in three modes:
+
+* [Surface UEFI Configuration Package](#configuration-package). Use this mode to create a Surface UEFI configuration package to enroll a Surface device in SEMM and to configure UEFI settings on enrolled devices.
+* [Surface UEFI Reset Package](#reset-package). Use this mode to unenroll a Surface device from SEMM.
+* [Surface UEFI Recovery Request](#recovery-request). Use this mode to respond to a recovery request to unenroll a Surface device from SEMM where a Reset Package operation is not successful.
+
+
+#### Download Microsoft Surface UEFI Configurator
+
+You can download Microsoft Surface UEFI Configurator from the [Surface Tools for IT](https://www.microsoft.com/en-us/download/details.aspx?id=46703) page in the Microsoft Download Center.
+
+### Configuration package
+
+Surface UEFI configuration packages are the primary mechanism to implement and manage SEMM on Surface devices. These packages contain a configuration file of UEFI settings specified during creation of the package in Microsoft Surface UEFI Configurator and a certificate file, as shown in Figure 2. When a configuration package is run for the first time on a Surface device that is not already enrolled in SEMM, it provisions the certificate file in the device’s firmware and enrolls the device in SEMM. When enrolling a device in SEMM, you will be prompted to confirm the operation by providing the last two digits of the SEMM certificate thumbprint before the certificate file is stored and the enrollment can complete. This confirmation requires that a user be present at the device at the time of enrollment to perform the confirmation.
+
+![Secure a SEMM configuration package with a certificate](images\surface-ent-mgmt-fig2-securepackage.png "Secure a SEMM configuration package with a certificate")
+
+*Figure 2. Secure a SEMM configuration package with a certificate*
+
+See the [Surface Enterprise Management Mode certificate requirements](#surface-enterprise-management-mode-certificate-requirements) section of this article for more information about the requirements for the SEMM certificate.
+
+>**Note**:  You can also specify a UEFI password with SEMM that is required to view the **Security**, **Devices**, **Boot Configuration**, or **Enterprise Management** pages of Surface UEFI.
+
+After a device is enrolled in SEMM, the configuration file is read and the settings specified in the file are applied to UEFI. When you run a configuration package on a device that is already enrolled in SEMM, the signature of the configuration file is checked against the certificate that is stored in the device firmware. If the signature does not match, no changes are applied to the device.
+
+You can use Surface UEFI settings to enable or disable the operation of individual components, such as cameras, wireless communication, or docking USB port (as shown in Figure 3), and configure advanced settings (as shown in Figure 4).
+
+![Enable or disable devices in Surface UEFI with SEMM](images\surface-ent-mgmt-fig3-enabledisable.png "Enable or disable devices in Surface UEFI with SEMM")
+
+*Figure 3. Enable or disable devices in Surface UEFI with SEMM*
+
+![Configure advanced settings in SEMM](images\surface-ent-mgmt-fig4-advancedsettings.png "Configure advanced settings in SEMM")
+
+*Figure 4. Configure advanced settings with SEMM*
+
+You can enable or disable the following devices with SEMM:
+
+* Docking USB Port
+* On-board Audio
+* Type Cover
+* Micro SD or SD Card Slots
+* Front Camera
+* Rear Camera
+* Infrared Camera, for Windows Hello
+* Bluetooth Only
+* Wi-Fi and Bluetooth
+* Trusted Platform Module (TPM)
+
+You can configure the following advanced settings with SEMM:
+
+* IPv6 support for PXE boot
+* Alternate boot order, where the Volume Down button and Power button can be pressed together during boot, to boot directly to a USB or Ethernet device
+* Lock the boot order to prevent changes
+* Support for booting to USB devices
+* Display of the Surface UEFI **Security** page
+* Display of the Surface UEFI **Devices** page
+* Display of the Surface UEFI **Boot** page
+
+>**Note**:  When you create a SEMM configuration package, two characters are shown on the **Successful** page, as shown in Figure 5.
+
+![Certificate thumbprint display](images\surface-ent-mgmt-fig5-success.png "Certificate thumbprint display")
+
+*Figure 5. Display of the last two characters of the certificate thumbprint on the Successful page*
+
+These characters are the last two characters of the certificate thumbprint and should be written down or recorded. The characters are required to confirm enrollment in SEMM on a Surface device, as shown in Figure 6.
+
+![Enrollment confirmation in SEMM](images\surface-ent-mgmt-fig6-enrollconfirm.png "Enrollment confirmation in SEMM")
+
+*Figure 6. Enrollment confirmation in SEMM with the SEMM certificate thumbprint*
+
+To enroll a Surface device in SEMM or to apply the UEFI configuration from a configuration package, all you need to do is run the .msi file on the intended Surface device. You can use application deployment or operating system deployment technologies such as [System Center Configuration Manager](https://technet.microsoft.com/library/mt346023) or the [Microsoft Deployment Toolkit](https://technet.microsoft.com/en-us/windows/dn475741). When you enroll a device in SEMM you must be present to confirm the enrollment on the device. User interaction is not required when you apply a configuration to devices that are already enrolled in SEMM.
+
+### Reset package
+
+A Surface UEFI reset package is used to perform only one task — to unenroll a Surface device from SEMM. The reset package contains signed instructions to remove the SEMM certificate from the device’s firmware and to reset UEFI settings to factory default. Like a Surface UEFI configuration package, a reset package must be signed with the same SEMM certificate that is provisioned on the Surface device. When you create a SEMM reset package, you are required to supply the serial number of the Surface device you intend to reset. SEMM reset packages are not universal and are specific to one device.
+
+### Recovery request
+
+In some scenarios, it may be impossible to use a Surface UEFI reset package. (For example, if Windows becomes unusable on the Surface device.) In these scenarios you can unenroll the Surface device from SEMM through the **Enterprise Management** page of Surface UEFI (shown in Figure 7) with a Recovery Request operation.
+
+![Initiate a SEMM recovery request](images\surface-ent-mgmt-fig7-semmrecovery.png "Initiate a SEMM recovery request")
+
+*Figure 7. Initiate a SEMM recovery request on the Enterprise Management page*
+
+When you use the process on the **Enterprise Management** page to reset SEMM on a Surface device, you are provided with a Reset Request. This Reset Request can be saved as a file to a USB drive, copied as text, or read as a QR Code with a mobile device to be easily emailed or messaged. Use the Microsoft Surface UEFI Configurator Reset Request option to load a Reset Request file or enter the Reset Request text or QR Code. Microsoft Surface UEFI Configurator will generate a verification code that can be entered on the Surface device. If you enter the code on the Surface device and click **Restart**, the device will be unenrolled from SEMM. 
+
+>**Note**:  A Reset Request expires two hours after it is created.
+
+## Surface Enterprise Management Mode certificate requirements
+
+>**Note**:  The SEMM certificate is required to perform any modification to SEMM or Surface UEFI settings on enrolled Surface devices. If the SEMM certificate is corrupted or lost, SEMM cannot be removed or reset. Manage your SEMM certificate accordingly with an appropriate solution for backup and recovery.
+
+Packages created with the Microsoft Surface UEFI Configurator tool are signed with a certificate. This certificate ensures that after a device is enrolled in SEMM, only packages created with the approved certificate can be used to modify the settings of UEFI. The following settings are recommended for the SEMM certificate:
+
+* **Key Algorithm** – RSA 
+* **Key Length** – 2048
+* **Hash Algorithm** – SHA-256
+* **Type** – SSL Server Authentication
+* **Key Usage** – Key Encipherment
+* **Provider** – Microsoft Enhanced RSA and AES Cryptographic Provider
+* **Expiration Date** – 15 Months from certificate creation
+* **Key Export Policy** – Exportable
+
+It is also recommended that the SEMM certificate be authenticated in a two-tier public key infrastructure (PKI) architecture where the intermediate certification authority (CA) is dedicated to SEMM, enabling certificate revocation. For more information about a two-tier PKI configuration, see [Test Lab Guide: Deploying an AD CS Two-Tier PKI Hierarchy](https://technet.microsoft.com/library/hh831348).
+
+>**Note**:  You can use the following PowerShell script to create a self-signed certificate for use in proof-of-concept scenarios.
+  To use this script, copy the following text into Notepad and save the file as a PowerShell script (.ps1). This script creates a certificate with a password of `12345678`.<br/><br/>The certificate generated by this script is not recommended for production environments.
+  
+   ```
+if (-not (Test-Path "Demo Certificate"))  { New-Item -ItemType Directory -Force -Path "Demo Certificate" }
+if (Test-Path "Demo Certificate\TempOwner.pfx") { Remove-Item "Demo Certificate\TempOwner.pfx" }
+
+# Generate the Ownership private signing key with password 12345678
+$pw = ConvertTo-SecureString "12345678" -AsPlainText -Force
+
+$TestUefiV2 = New-SelfSignedCertificate `
+  -Subject "CN=Surface Demo Kit, O=Contoso Corporation, C=US" `
+  -Type SSLServerAuthentication `
+  -HashAlgorithm sha256 `
+  -KeyAlgorithm RSA `
+  -KeyLength 2048 `
+  -KeyUsage KeyEncipherment `
+  -KeyUsageProperty All `
+  -Provider "Microsoft Enhanced RSA and AES Cryptographic Provider" `
+  -NotAfter (Get-Date).AddYears(25) `
+  -TextExtension @("2.5.29.37={text}1.2.840.113549.1.1.1") `
+  -KeyExportPolicy Exportable
+
+$TestUefiV2 | Export-PfxCertificate -Password $pw -FilePath "Demo Certificate\TempOwner.pfx"
+   ```
+
+For use with SEMM and Microsoft Surface UEFI Configurator, the certificate must be exported with the private key and with password protection. Microsoft Surface UEFI Configurator will prompt you to select the SEMM certificate file (.pfx) and certificate password when it is required.
+
+>**Note**:&nbsp;&nbsp;For organizations that use an offline root in their PKI infrastructure, Microsoft Surface UEFI Configurator must be run in an environment connected to the root CA to authenticate the SEMM certificate. The packages generated by Microsoft Surface UEFI Configurator can be transferred as files and therefore can be transferred outside the offline network environment with removable storage, such as a USB stick.

windows/deploy/TOC.md

@@ -35,6 +35,7 @@
 ## [Upgrade to Windows 10 with the Microsoft Deployment Toolkit](upgrade-to-windows-10-with-the-microsoft-deployment-toolkit.md)
 ## [Upgrade to Windows 10 with System Center Configuration Manager](upgrade-to-windows-10-with-system-center-configuraton-manager.md)
 ## [Configure a PXE server to load Windows PE](configure-a-pxe-server-to-load-windows-pe.md)
+## [Windows 10 upgrade paths](windows-10-upgrade-paths.md)
 ## [Windows 10 edition upgrade](windows-10-edition-upgrades.md)
 ## [Deploy Windows To Go in your organization](deploy-windows-to-go.md)
 ## [Update Windows 10 images with provisioning packages](update-windows-10-images-with-provisioning-packages.md)

windows/deploy/change-history-for-deploy-windows-10.md

@@ -15,7 +15,8 @@ This topic lists new and updated topics in the [Deploy Windows 10](index.md) doc
 | New or changed topic | Description |
 |----------------------|-------------|
 | [Configure a PXE server to load Windows PE](configure-a-pxe-server-to-load-windows-pe.md) | New |
-| [User State Migration Tool Technical Reference](usmt-technical-reference.md) | Updated |
+| [User State Migration Tool Technical Reference](usmt-technical-reference.md) | Updated support statement for Office 2016 |
+| [Windows 10 upgrade paths](windows-10-upgrade-paths.md) | New |
 
 ## May 2016
 | New or changed topic | Description |

windows/deploy/index.md

@@ -23,6 +23,7 @@ Learn about deploying Windows 10 for IT professionals.
 |[Upgrade to Windows 10 with System Center Configuration Manager](upgrade-to-windows-10-with-system-center-configuraton-manager.md) |The simplest path to upgrade PCs currently running Windows 7, Windows 8, or Windows 8.1 to Windows 10 is through an in-place upgrade. You can use a System Center Configuration Manager task sequence to completely automate the process. |
 |[Configure a PXE server to load Windows PE](configure-a-pxe-server-to-load-windows-pe.md) |This guide describes how to configure a PXE server to load Windows PE by booting a client computer from the network. |
 |[Windows 10 edition upgrade](windows-10-edition-upgrades.md) |With Windows 10, you can quickly upgrade from one edition of Windows 10 to another, provided the upgrade path is supported. |
+|[Windows 10 upgrade paths](windows-10-upgrade-paths.md) |You can upgrade directly to Windows 10 from a previous operating system. |
 |[Deploy Windows To Go in your organization](deploy-windows-to-go.md) |This topic helps you to deploy Windows To Go in your organization. Before you begin deployment, make sure that you have reviewed the topics [Windows To Go: feature overview](../plan/windows-to-go-overview.md) and [Prepare your organization for Windows To Go](../plan/prepare-your-organization-for-windows-to-go.md) to ensure that you have the correct hardware and are prepared to complete the deployment. You can then use the steps in this topic to start your Windows To Go deployment. |
 |[Update Windows 10 images with provisioning packages](update-windows-10-images-with-provisioning-packages.md) |Use a provisioning package to apply settings, profiles, and file assets to a Windows 10 image. |
 |[Upgrade a Windows Phone 8.1 to Windows 10 Mobile with Mobile Device Management](upgrade-windows-phone-8-1-to-10.md) |This topic describes how to upgrade eligible Windows Phone 8.1 devices to Windows 10 Mobile. |

windows/deploy/windows-10-edition-upgrades.md

@@ -15,17 +15,17 @@ author: greg-lindsay
 -   Windows 10
 -   Windows 10 Mobile
 
-With Windows 10, you can quickly upgrade from one edition of Windows 10 to another, provided the upgrade path is supported. For information on what edition of Windows 10 is right for you, see [Compare Windows 10 Editions](http://go.microsoft.com/fwlink/p/?LinkID=690882).
+With Windows 10, you can quickly upgrade from one edition of Windows 10 to another, provided the upgrade path is supported. For information on what edition of Windows 10 is right for you, see [Compare Windows 10 Editions](http://go.microsoft.com/fwlink/p/?LinkID=690882). For a comprehensive list of all possible upgrade paths to Windows 10, see [Windows 10 upgrade paths](windows-10-upgrade-paths.md).
 
-The following table shows the methods you can use to upgrade editions of Windows 10.
+The following table shows the methods and paths available to change the edition of Windows 10 that is running on your computer.
 
 |Method |Home > Pro |Home > Education |Pro > Education |Pro > Enterprise |Ent > Education |Mobile > Mobile Enterprise |
 |-------|-----------|-----------------|----------------|-----------------|----------------|--------|
-| Using mobile device management (MDM) |![unsupported](images/crossmark.png) |![supported](images/checkmark.png) |![supported](images/checkmark.png) |![supported](images/checkmark.png) |![supported](images/checkmark.png) |![supported](images/checkmark.png) |
-| Using a provisioning package |![unsupported](images/crossmark.png) |![supported](images/checkmark.png) |![supported](images/checkmark.png) |![supported](images/checkmark.png) |![supported](images/checkmark.png) |![supported](images/checkmark.png) |
-| Using a command-line tool |![unsupported](images/crossmark.png) |![supported](images/checkmark.png) |![supported](images/checkmark.png) |![supported](images/checkmark.png) |![supported](images/checkmark.png) |![unsupported](images/crossmark.png) |
-| Entering a product key manually |![supported](images/checkmark.png) |![supported](images/checkmark.png) |![supported](images/checkmark.png) |![supported](images/checkmark.png) |![supported](images/checkmark.png) |![unsupported](images/crossmark.png) |
-| Purchasing a license from the Windows Store |![supported](images/checkmark.png) |![unsupported](images/crossmark.png) |![unsupported](images/crossmark.png) |![unsupported](images/crossmark.png) |![unsupported](images/crossmark.png) |![unsupported](images/crossmark.png) |
+| Using mobile device management (MDM) |![unsupported](images/x_blk.png) |![supported](images/check_grn.png) |![supported](images/check_grn.png) |![supported](images/check_grn.png) |![supported](images/check_grn.png) |![supported](images/check_grn.png) |
+| Using a provisioning package |![unsupported](images/x_blk.png) |![supported](images/check_grn.png) |![supported](images/check_grn.png) |![supported](images/check_grn.png) |![supported](images/check_grn.png) |![supported](images/check_grn.png) |
+| Using a command-line tool |![unsupported](images/x_blk.png) |![supported](images/check_grn.png) |![supported](images/check_grn.png) |![supported](images/check_grn.png) |![supported](images/check_grn.png) |![unsupported](images/x_blk.png) |
+| Entering a product key manually |![supported](images/check_grn.png) |![supported](images/check_grn.png) |![supported](images/check_grn.png) |![supported](images/check_grn.png) |![supported](images/check_grn.png) |![unsupported](images/x_blk.png) |
+| Purchasing a license from the Windows Store |![supported](images/check_grn.png) |![unsupported](images/x_blk.png) |![unsupported](images/x_blk.png) |![unsupported](images/x_blk.png) |![unsupported](images/x_blk.png) |![unsupported](images/x_blk.png) |
 
 **Note**<br>Each desktop edition in the table also has an N and KN edition. These editions have had media-related functionality removed. Devices with N or KN editions installed can be upgraded to corresponding N or KN editions using the same methods.
 

windows/deploy/windows-10-upgrade-paths.md

@@ -0,0 +1,416 @@
+---
+title: Windows 10 upgrade paths (Windows 10)
+description: You can upgrade to Windows 10 from a previous version of Windows, providing the upgrade path is supported.
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: mobile
+author: greg-lindsay
+---
+
+# Windows 10 upgrade paths
+**Applies to**
+
+-   Windows 10
+-   Windows 10 Mobile
+
+## Upgrade paths
+
+This topic provides a summary of available upgrade paths to Windows 10. You can upgrade to Windows 10 from Windows 7 or a later operating system. This includes upgrading from one release of Windows 10 to later release of Windows 10. Migrating from one edition of Windows 10 to a different edition of the same release is also supported. For more information about migrating to a different edition of Windows 10, see [Windows 10 edition upgrade](windows-10-edition-upgrades.md).
+
+>**Windows N/KN**: Windows "N" and "KN" editions follow the same upgrade paths shown below. If the pre-upgrade and post-upgrade editions are not the same type (e.g. Windows 8.1 Pro N to Windows 10 Pro), personal data will be kept but applications and settings will be removed during the upgrade process.  
+
+>**Free upgrade**: Some upgrade paths qualify for a free upgrade using Windows Update. For a list of upgrade paths that are available as part of the free upgrade offer, see [Free upgrade paths](#Free-upgrade-paths).
+
+✔ = Full upgrade is supported including personal data, settings, and applications.<BR>
+D = Edition downgrade; personal data is maintained, applications and settings are removed.
+
+<table border="1" cellpadding="3">
+    <tr>
+        <td>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
+        <td></td>
+        <td>Windows 10 Home</td>
+        <td>Windows 10 Pro</td>
+        <td>Windows 10 Pro for Education</td>
+        <td>Windows 10 Education</td>
+        <td>Windows 10 Enterprise</td>
+        <td>Windows 10 Mobile</td>
+        <td>Windows 10 Mobile Enterprise</td>
+    </tr>
+    <tr>
+        <td rowspan="7" nowrap="nowrap">Windows 7</td>
+    </tr>
+    <tr>
+        <td>Starter</td>
+        <td>✔</td>
+        <td>✔</td>
+        <td>✔</td>
+        <td>✔</td>
+        <td></td>
+        <td></td>
+        <td></td>
+    </tr>
+    <tr>
+        <td>Home Basic</td>
+        <td>✔</td>
+        <td>✔</td>
+        <td>✔</td>
+        <td>✔</td>
+        <td></td>
+        <td></td>
+        <td></td>
+    </tr>
+    <tr>
+        <td>Home Premium</td>
+        <td>✔</td>
+        <td>✔</td>
+        <td>✔</td>
+        <td>✔</td>
+        <td></td>
+        <td></td>
+        <td></td>
+    </tr>
+    <tr>
+        <td>Professional</td>
+        <td>D</td>
+        <td>✔</td>
+        <td>✔</td>
+        <td>✔</td>
+        <td>✔</td>
+        <td></td>
+        <td></td>
+    </tr>
+    <tr>
+        <td>Ultimate</td>
+        <td>D</td>
+        <td>✔</td>
+        <td>✔</td>
+        <td>✔</td>
+        <td>✔</td>
+        <td></td>
+        <td></td>
+    </tr>
+    <tr>
+        <td>Enterprise</td>
+        <td></td>
+        <td></td>
+        <td></td>
+        <td>✔</td>
+        <td>✔</td>
+        <td></td>
+        <td></td>
+    </tr>
+    <tr>
+        <td rowspan="8" nowrap="nowrap">Windows 8</td>
+    </tr>
+    <tr>
+        <td>(Core)</td>
+        <td>✔</td>
+        <td>✔</td>
+        <td>✔</td>
+        <td>✔</td>
+        <td></td>
+        <td></td>
+        <td></td>
+    </tr>
+    <tr>
+        <td>Professional</td>
+        <td>D</td>
+        <td>✔</td>
+        <td>✔</td>
+        <td>✔</td>
+        <td>✔</td>
+        <td></td>
+        <td></td>
+    </tr>
+    <tr>
+        <td>Professional WMC</td>
+        <td>D</td>
+        <td>✔</td>
+        <td>✔</td>
+        <td>✔</td>
+        <td>✔</td>
+        <td></td>
+        <td></td>
+    </tr>
+    <tr>
+        <td>Enterprise</td>
+        <td></td>
+        <td></td>
+        <td></td>
+        <td>✔</td>
+        <td>✔</td>
+        <td></td>
+        <td></td>
+    </tr>
+    <tr>
+        <td>Embedded Industry</td>
+        <td></td>
+        <td></td>
+        <td></td>
+        <td></td>
+        <td>✔</td>
+        <td></td>
+        <td></td>
+    </tr>
+    <tr>
+        <td>Windows RT</td>
+        <td></td>
+        <td></td>
+        <td></td>
+        <td></td>
+        <td></td>
+        <td></td>
+        <td></td>
+    </tr>
+    <tr>
+        <td>Windows Phone 8</td>
+        <td></td>
+        <td></td>
+        <td></td>
+        <td></td>
+        <td></td>
+        <td></td>
+        <td></td>
+    </tr>
+    <tr>
+        <td rowspan="10" nowrap="nowrap">Windows 8.1</td>
+    </tr>
+    <tr>
+        <td>(Core)</td>
+        <td>✔</td>
+        <td>✔</td>
+        <td>✔</td>
+        <td>✔</td>
+        <td></td>
+        <td></td>
+        <td></td>
+    </tr>
+    <tr>
+        <td>Connected</td>
+        <td>✔</td>
+        <td>✔</td>
+        <td>✔</td>
+        <td>✔</td>
+        <td></td>
+        <td></td>
+        <td></td>
+    </tr>
+    <tr>
+        <td>Professional</td>
+        <td>D</td>
+        <td>✔</td>
+        <td>✔</td>
+        <td>✔</td>
+        <td>✔</td>
+        <td></td>
+        <td></td>
+    </tr>
+    <tr>
+        <td>Professional Student</td>
+        <td>D</td>
+        <td>✔</td>
+        <td>✔</td>
+        <td>✔</td>
+        <td>✔</td>
+        <td></td>
+        <td></td>
+    </tr>
+    <tr>
+        <td>Professional WMC</td>
+        <td>D</td>
+        <td>✔</td>
+        <td>✔</td>
+        <td>✔</td>
+        <td>✔</td>
+        <td></td>
+        <td></td>
+    </tr>
+    <tr>
+        <td>Enterprise</td>
+        <td></td>
+        <td></td>
+        <td></td>
+        <td>✔</td>
+        <td>✔</td>
+        <td></td>
+        <td></td>
+    </tr>
+    <tr>
+        <td>Embedded Industry</td>
+        <td></td>
+        <td></td>
+        <td></td>
+        <td></td>
+        <td>✔</td>
+        <td></td>
+        <td></td>
+    </tr>
+    <tr>
+        <td>Windows RT</td>
+        <td></td>
+        <td></td>
+        <td></td>
+        <td></td>
+        <td></td>
+        <td></td>
+        <td></td>
+    </tr>
+    <tr>
+        <td>Windows Phone 8.1</td>
+        <td></td>
+        <td></td>
+        <td></td>
+        <td></td>
+        <td></td>
+        <td>✔</td>
+        <td></td>
+    </tr>
+    <tr>
+        <td rowspan="7" nowrap="nowrap">Windows 10</td>
+    </tr>
+    <tr>
+        <td>Home</td>
+        <td>✔</td>
+        <td>✔</td>
+        <td>✔</td>
+        <td>✔</td>
+        <td></td>
+        <td></td>
+        <td></td>
+    </tr>
+    <tr>
+        <td>Professional</td>
+        <td>D</td>
+        <td>✔</td>
+        <td>✔</td>
+        <td>✔</td>
+        <td>✔</td>
+        <td></td>
+        <td></td>
+    </tr>
+    <tr>
+        <td>Education</td>
+        <td></td>
+        <td></td>
+        <td></td>
+        <td>✔</td>
+        <td>D</td>
+        <td></td>
+        <td></td>
+    </tr>
+    <tr>
+        <td>Enterprise</td>
+        <td></td>
+        <td></td>
+        <td></td>
+        <td>✔</td>
+        <td>✔</td>
+        <td></td>
+        <td></td>
+    </tr>
+    <tr>
+        <td>Mobile</td>
+        <td></td>
+        <td></td>
+        <td></td>
+        <td></td>
+        <td></td>
+        <td>✔</td>
+        <td>✔</td>
+    </tr>
+    <tr>
+        <td>Mobile Enterprise</td>
+        <td></td>
+        <td></td>
+        <td></td>
+        <td></td>
+        <td></td>
+        <td>D</td>
+        <td>✔</td>
+    </tr>
+</table>
+
+## Free upgrade paths
+
+Windows 10 is offered as a free upgrade for the first year after launch of Windows 10, with the following restrictions: 
+- The offer expires on July 29th, 2016.
+- The offer applies to devices connected to the Internet with Windows Update enabled.
+- Upgrading to Windows 10 Pro requires a computer running the Pro or Ultimate version of Windows 7/8/8.1.
+- Windows Phone 8.0 users must update to Windows 8.1 before upgrading to Windows 10 Mobile<sup>1</sup>. 
+- Editions that are excluded from the free upgrade offer include: Windows 7 Enterprise, Windows 8/8.1 Enterprise, and Windows RT/RT 8.1<sup>2</sup>. 
+
+><sup>1</sup>The availability of Windows 10 Mobile for Windows 8.1 devices will vary by device manufacturer, device model, country or region, mobile operator or service provider, hardware limitations, and other factors. For a list of eligible phones and important info about the upgrade and Windows 10 Mobile, see [Windows 10 specifications](http://windows.com/specsmobile).
+
+><sup>2</sup>Active Software Assurance customers in volume licensing have the benefit to upgrade to Windows 10 Enterprise outside of this offer. Windows 10 is not supported on devices running the RT versions of Windows 8.
+
+The following table summarizes the free upgrade paths to Windows 10. For a list of frequently asked questions about the free upgrade to Windows 10, see [Upgrade to Windows 10: FAQ](http://windows.microsoft.com/en-us/windows-10/upgrade-to-windows-10-faq).
+
+<table border="1" cellpadding="3">
+    <tr>
+        <td>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
+        <td>From</td>
+        <td>To</td>
+    </tr>
+    <tr>
+        <td BGCOLOR="#a0e4fa" colspan="3">Windows 7</td>
+    </tr>
+    <tr>
+        <td></td>
+        <td>Windows 7 Starter</td>
+        <td rowspan="3">Windows 10 Home</td>
+    </tr>
+    <tr>
+        <td>&nbsp;</td>
+        <td>Windows 7 Home Basic</td>
+    </tr>
+    <tr>
+        <td>&nbsp;</td>
+        <td>Windows 7 Home Premium</td>
+    </tr>
+    <tr>
+        <td></td>
+        <td>Windows 7 Professional</td>
+        <td rowspan="2">Windows 10 Pro</td>
+    </tr>
+    <tr>
+        <td>&nbsp;</td>
+        <td>Windows 7 Ultimate</td>
+    </tr>
+        <tr>
+	        <td BGCOLOR="#a0e4fa" colspan="3">Windows 8/8.1</td>
+	    </tr>
+	    <tr>
+	        <td></td>
+	        <td>Windows Phone 8.1</td>
+	        <td>Windows 10 Mobile</td>
+       </tr>
+	    <tr>
+	        <td></td>
+	        <td>Windows 8/8.1</td>
+	        <td>Windows 10 Home</td>
+       </tr>
+    <tr>
+        <td></td>
+        <td>Windows 8/8.1 Pro</td>
+        <td rowspan="2">Windows 10 Pro</td>
+    </tr>
+    <tr>
+        <td>&nbsp;</td>
+        <td>Windows 8/8.1 Pro for Students</td>
+    </tr>
+
+</table>
+
+## Related Topics
+
+[Windows 10 deployment scenarios](windows-10-deployment-scenarios.md)<BR>
+[Windows upgrade and migration considerations](windows-upgrade-and-migration-considerations.md)
+ 
+
+ 
+
+
+
+
+

windows/deploy/windows-upgrade-and-migration-considerations.md

@@ -8,13 +8,13 @@ ms.sitesec: library
 author: greg-lindsay
 ---
 
-# Windows Upgrade and Migration Considerations
+# Windows upgrade and migration considerations
 Files and application settings can be migrated to new hardware running the Windows® operating system, or they can be maintained during an operating system upgrade on the same computer. This topic summarizes the Microsoft® tools you can use to move files and settings between installations in addition to special considerations for performing an upgrade or migration.
 
-## Upgrade from a Previous Version of Windows
+## Upgrade from a previous version of Windows
 You can upgrade from an earlier version of Windows, which means you can install the new version of Windows and retain your applications, files, and settings as they were in your previous version of Windows. If you decide to perform a custom installation of Windows instead of an upgrade, your applications and settings will not be maintained. Your personal files, and all Windows files and directories, will be moved to a Windows.old folder. You can access your data in the Windows.old folder after Windows Setup is complete.
 
-## Migrate Files and Settings
+## Migrate files and settings
 Migration tools are available to transfer settings from one computer that is running Windows to another. These tools transfer only the program settings, not the programs themselves.
 
 For more information about application compatibility, see the [Application Compatibility Toolkit (ACT)](http://go.microsoft.com/fwlink/p/?LinkId=131349).
@@ -29,13 +29,13 @@ With Windows Easy Transfer, files and settings can be transferred using a netwo
 ### Migrate with the User State Migration Tool
 You can use USMT to automate migration during large deployments of the Windows operating system. USMT uses configurable migration rule (.xml) files to control exactly which user accounts, user files, operating system settings, and application settings are migrated and how they are migrated. You can use USMT for both *side-by-side* migrations, where one piece of hardware is being replaced, or *wipe-and-load* (or *refresh*) migrations, when only the operating system is being upgraded.
 
-## Upgrade and Migration Considerations
+## Upgrade and migration monsiderations
 Whether you are upgrading or migrating to a new version of Windows, you must be aware of the following issues and considerations:
 
-### Application Compatibility
+### Application compatibility
 For more information about application compatibility in Windows, see the [Application Compatibility Toolkit (ACT)](http://go.microsoft.com/fwlink/p/?LinkId=131349).
 
-### Multilingual Windows Image Upgrades
+### Multilingual Windows image upgrades
 When performing multilingual Windows upgrades, cross-language upgrades are not supported by USMT. If you are upgrading or migrating an operating system with multiple language packs installed, you can upgrade or migrate only to the system default user interface (UI) language. For example, if English is the default but you have a Spanish language pack installed, you can upgrade or migrate only to English.
 
 If you are using a single-language Windows image that matches the system default UI language of your multilingual operating system, the migration will work. However, all of the language packs will be removed, and you will have to reinstall them after the upgrade is completed.
@@ -43,7 +43,7 @@ If you are using a single-language Windows image that matches the system default
 ### Errorhandler.cmd
 When upgrading from an earlier version of Windows, if you intend to use Errorhandler.cmd, you must copy this file into the %WINDIR%\\Setup\\Scripts directory on the old installation. This makes sure that if there are errors during the down-level phase of Windows Setup, the commands in Errorhandler.cmd will run.
 
-### Data Drive ACL Migration
+### Data drive ACL migration
 During the configuration pass of Windows Setup, the root access control list (ACL) on drives formatted for NTFS that do not appear to have an operating system will be changed to the default Windows XP ACL format. The ACLs on these drives are changed to enable authenticated users to modify access on folders and files.
 
 Changing the ACLs may affect the performance of Windows Setup if the default Windows XP ACLs are applied to a partition with a large amount of data. Because of these performance concerns, you can change the following registry value to disable this feature:
@@ -57,7 +57,10 @@ Value: "DDACLSys_Disabled" = 1
 This feature is disabled if this registry key value exists and is configured to `1`.
 
 ## Related topics
-- [User State Migration Tool (USMT) Overview Topics](usmt-topics.md)
+[User State Migration Tool (USMT) Overview Topics](usmt-topics.md)<BR>
+[Windows 10 upgrade paths](windows-10-upgrade-paths.md)<BR>
+[Windows 10 edition upgrade](windows-10-edition-upgrades.md)
+
 
  
 

windows/keep-secure/TOC.md

@@ -27,6 +27,7 @@
 #### [Testing scenarios for enterprise data protection (EDP)](testing-scenarios-for-edp.md)
 ## [Use Windows Event Forwarding to help with intrusion detection](use-windows-event-forwarding-to-assist-in-instrusion-detection.md)
 ## [VPN profile options](vpn-profile-options.md)
+## [Windows security baselines](windows-security-baselines.md)
 ## [Security technologies](security-technologies.md)
 ### [Access Control Overview](access-control.md)
 #### [Dynamic Access Control Overview](dynamic-access-control.md)
@@ -679,7 +680,6 @@
 #### [Minimum requirements](minimum-requirements-windows-defender-advanced-threat-protection.md)
 #### [Data storage and privacy](data-storage-privacy-windows-defender-advanced-threat-protection.md)
 #### [Onboard endpoints and set up access](onboard-configure-windows-defender-advanced-threat-protection.md)
-<!--##### [Service onboarding](service-onboarding-windows-defender-advanced-threat-protection.md)-->
 ##### [Configure endpoints](configure-endpoints-windows-defender-advanced-threat-protection.md)
 ##### [Configure proxy and Internet settings](configure-proxy-internet-windows-defender-advanced-threat-protection.md)
 ##### [Additional configuration settings](additional-configuration-windows-defender-advanced-threat-protection.md)

windows/keep-secure/change-history-for-keep-windows-10-secure.md

@@ -19,6 +19,7 @@ This topic lists new and updated topics in the [Keep Windows 10 secure](index.md
 |[Create an enterprise data protection (EDP) policy using Microsoft Intune](create-edp-policy-using-intune.md) |Added an update about needing to reconfigure your enterprise data protection app rules after delivery of the June service update. |
 | [Windows Firewall with Advanced Security](windows-firewall-with-advanced-security.md) (multiple topics) | New |
 | [Advanced security audit policy settings](advanced-security-audit-policy-settings.md) (mutiple topics) | New security monitoring reference topics |
+| [Windows security baselines](windows-security-baselines.md) | New |
 
 ## May 2016
 

windows/keep-secure/event-1102.md

@@ -70,7 +70,7 @@ This event generates every time Windows Security audit log was cleared.
 
 -   **Security ID** \[Type = SID\]**:** SID of account that cleared the system security audit log. Event Viewer automatically tries to resolve SIDs and show the account name. If the SID cannot be resolved, you will see the source data in the event.
 
-> **Note**  A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security Identifiers](https://msdn.microsoft.com/en-us/library/windows/desktop/aa379571(v=vs.85).aspx).
+> **Note**  A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security identifiers](security-identifiers.md).
 
 -   **Account Name** \[Type = UnicodeString\]**:** the name of the account that cleared the system security audit log.
 

windows/keep-secure/event-4611.md

@@ -75,7 +75,7 @@ You typically see these events during operating system startup or user logon and
 
 -   **Security ID** \[Type = SID\]**:** SID of account that registered the trusted logon process. Event Viewer automatically tries to resolve SIDs and show the account name. If the SID cannot be resolved, you will see the source data in the event.
 
-> **Note**  A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security Identifiers](https://msdn.microsoft.com/en-us/library/windows/desktop/aa379571(v=vs.85).aspx).
+> **Note**  A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security identifiers](security-identifiers.md).
 
 -   **Account Name** \[Type = UnicodeString\]**:** the name of the account that registered the trusted logon process.
 

windows/keep-secure/event-4616.md

@@ -82,7 +82,7 @@ You will typically see these events with “**Subject\\Security ID**” = “**L
 
 -   **Security ID** \[Type = SID\]**:** SID of account that requested the “change system time” operation. Event Viewer automatically tries to resolve SIDs and show the account name. If the SID cannot be resolved, you will see the source data in the event.
 
-> **Note**  A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security Identifiers](https://msdn.microsoft.com/en-us/library/windows/desktop/aa379571(v=vs.85).aspx).
+> **Note**  A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security identifiers](security-identifiers.md).
 
 -   **Account Name** \[Type = UnicodeString\]**:** the name of the account that requested the “change system time” operation.
 

windows/keep-secure/event-4624.md

@@ -115,7 +115,7 @@ This event generates when a logon session is created (on destination machine). I
 
 -   **Security ID** \[Type = SID\]**:** SID of account that reported information about successful logon or invokes it. Event Viewer automatically tries to resolve SIDs and show the account name. If the SID cannot be resolved, you will see the source data in the event.
 
-> **Note**  A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security Identifiers](https://msdn.microsoft.com/en-us/library/windows/desktop/aa379571(v=vs.85).aspx).
+> **Note**  A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security identifiers](security-identifiers.md).
 
 -   **Account Name** \[Type = UnicodeString\]**:** the name of the account that reported information about successful logon.
 
@@ -175,7 +175,7 @@ This event generates when a logon session is created (on destination machine). I
 
 -   **Security ID** \[Type = SID\]**:** SID of account for which logon was performed. Event Viewer automatically tries to resolve SIDs and show the account name. If the SID cannot be resolved, you will see the source data in the event.
 
-> **Note**  A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security Identifiers](https://msdn.microsoft.com/en-us/library/windows/desktop/aa379571(v=vs.85).aspx).
+> **Note**  A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security identifiers](security-identifiers.md).
 
 -   **Account Name** \[Type = UnicodeString\]**:** the name of the account for which logon was performed.
 

windows/keep-secure/event-4625.md

@@ -89,7 +89,7 @@ This event generates on domain controllers, member servers, and workstations.
 
 -   **Security ID** \[Type = SID\]**:** SID of account that reported information about logon failure. Event Viewer automatically tries to resolve SIDs and show the account name. If the SID cannot be resolved, you will see the source data in the event.
 
-> **Note**  A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security Identifiers](https://msdn.microsoft.com/en-us/library/windows/desktop/aa379571(v=vs.85).aspx).
+> **Note**  A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security identifiers](security-identifiers.md).
 
 -   **Account Name** \[Type = UnicodeString\]**:** the name of the account that reported information about logon failure.
 
@@ -125,7 +125,7 @@ This event generates on domain controllers, member servers, and workstations.
 
 -   **Security ID** \[Type = SID\]**:** SID of the account that was specified in the logon attempt. Event Viewer automatically tries to resolve SIDs and show the account name. If the SID cannot be resolved, you will see the source data in the event.
 
-> **Note**  A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security Identifiers](https://msdn.microsoft.com/en-us/library/windows/desktop/aa379571(v=vs.85).aspx).
+> **Note**  A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security identifiers](security-identifiers.md).
 
 -   **Account Name** \[Type = UnicodeString\]**:** the name of the account that was specified in the logon attempt.
 

windows/keep-secure/event-4626.md

@@ -85,7 +85,7 @@ This event generates on the computer to which the logon was performed (target co
 
 -   **Security ID** \[Type = SID\]**:** SID of account that reported information about claims. Event Viewer automatically tries to resolve SIDs and show the account name. If the SID cannot be resolved, you will see the source data in the event.
 
-> **Note**  A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security Identifiers](https://msdn.microsoft.com/en-us/library/windows/desktop/aa379571(v=vs.85).aspx).
+> **Note**  A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security identifiers](security-identifiers.md).
 
 -   **Account Name** \[Type = UnicodeString\]**:** the name of the account that reported information about claims.
 
@@ -121,7 +121,7 @@ This event generates on the computer to which the logon was performed (target co
 
 -   **Security ID** \[Type = SID\]**:** SID of account for which logon was performed. Event Viewer automatically tries to resolve SIDs and show the account name. If the SID cannot be resolved, you will see the source data in the event.
 
-> **Note**  A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security Identifiers](https://msdn.microsoft.com/en-us/library/windows/desktop/aa379571(v=vs.85).aspx).
+> **Note**  A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security identifiers](security-identifiers.md).
 
 -   **Account Name** \[Type = UnicodeString\]**:** the name of the account for which logon was performed.
 

windows/keep-secure/event-4627.md

@@ -80,7 +80,7 @@ Multiple events are generated if the group membership information cannot fit in
 
 -   **Security ID** \[Type = SID\]**:** SID of account that reported information about successful logon or invokes it. Event Viewer automatically tries to resolve SIDs and show the account name. If the SID cannot be resolved, you will see the source data in the event.
 
-> **Note**  A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security Identifiers](https://msdn.microsoft.com/en-us/library/windows/desktop/aa379571(v=vs.85).aspx).
+> **Note**  A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security identifiers](security-identifiers.md).
 
 -   **Account Name** \[Type = UnicodeString\]**:** the name of the account that reported information about successful logon or invokes it.
 
@@ -116,7 +116,7 @@ Multiple events are generated if the group membership information cannot fit in
 
 -   **Security ID** \[Type = SID\]**:** SID of account for which logon was performed. Event Viewer automatically tries to resolve SIDs and show the account name. If the SID cannot be resolved, you will see the source data in the event.
 
-> **Note**  A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security Identifiers](https://msdn.microsoft.com/en-us/library/windows/desktop/aa379571(v=vs.85).aspx).
+> **Note**  A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security identifiers](security-identifiers.md).
 
 -   **Account Name** \[Type = UnicodeString\]**:** the name of the account for which logon was performed.
 

windows/keep-secure/event-4634.md

@@ -75,7 +75,7 @@ It may be positively correlated with a “[4624](event-4624.md): An account was
 
 -   **Security ID** \[Type = SID\]**:** SID of account that was logged off. Event Viewer automatically tries to resolve SIDs and show the account name. If the SID cannot be resolved, you will see the source data in the event.
 
-> **Note**  A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security Identifiers](https://msdn.microsoft.com/en-us/library/windows/desktop/aa379571(v=vs.85).aspx).
+> **Note**  A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security identifiers](security-identifiers.md).
 
 -   **Account Name** \[Type = UnicodeString\]**:** the name of the account that was logged off.
 

windows/keep-secure/event-4647.md

@@ -74,7 +74,7 @@ It may be positively correlated with a “[4624](event-4624.md): An account was
 
 -   **Security ID** \[Type = SID\]**:** SID of account that requested the “logoff” operation. Event Viewer automatically tries to resolve SIDs and show the account name. If the SID cannot be resolved, you will see the source data in the event.
 
-> **Note**  A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security Identifiers](https://msdn.microsoft.com/en-us/library/windows/desktop/aa379571(v=vs.85).aspx).
+> **Note**  A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security identifiers](security-identifiers.md).
 
 -   **Account Name** \[Type = UnicodeString\]**:** the name of the account that requested the “logoff” operation.
 

windows/keep-secure/event-4648.md

@@ -82,7 +82,7 @@ It is also a routine event which periodically occurs during normal operating sys
 
 -   **Security ID** \[Type = SID\]**:** SID of account that requested the new logon session with explicit credentials. Event Viewer automatically tries to resolve SIDs and show the account name. If the SID cannot be resolved, you will see the source data in the event.
 
-> **Note**  A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security Identifiers](https://msdn.microsoft.com/en-us/library/windows/desktop/aa379571(v=vs.85).aspx).
+> **Note**  A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security identifiers](security-identifiers.md).
 
 -   **Account Name** \[Type = UnicodeString\]**:** the name of the account that requested the new logon session with explicit credentials.
 

windows/keep-secure/event-4656.md

@@ -93,7 +93,7 @@ This event shows that access was requested, and the results of the request, but
 
 -   **Security ID** \[Type = SID\]**:** SID of account that requested a handle to an object. Event Viewer automatically tries to resolve SIDs and show the account name. If the SID cannot be resolved, you will see the source data in the event.
 
-> **Note**  A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security Identifiers](https://msdn.microsoft.com/en-us/library/windows/desktop/aa379571(v=vs.85).aspx).
+> **Note**  A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security identifiers](security-identifiers.md).
 
 -   **Account Name** \[Type = UnicodeString\]**:** the name of the account that requested a handle to an object.
 

windows/keep-secure/event-4657.md

@@ -80,7 +80,7 @@ This event generates only if “Set Value" auditing is set in registry key’s [
 
 -   **Security ID** \[Type = SID\]**:** SID of account that requested the “modify registry value” operation. Event Viewer automatically tries to resolve SIDs and show the account name. If the SID cannot be resolved, you will see the source data in the event.
 
-> **Note**  A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security Identifiers](https://msdn.microsoft.com/en-us/library/windows/desktop/aa379571(v=vs.85).aspx).
+> **Note**  A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security identifiers](security-identifiers.md).
 
 -   **Account Name** \[Type = UnicodeString\]**:** the name of the account that requested the “modify registry value” operation.
 

windows/keep-secure/event-4658.md

@@ -76,7 +76,7 @@ Typically this event is needed if you need to know how long the handle to the ob
 
 -   **Security ID** \[Type = SID\]**:** SID of account that requested the “close object’s handle” operation. Event Viewer automatically tries to resolve SIDs and show the account name. If the SID cannot be resolved, you will see the source data in the event.
 
-> **Note**  A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security Identifiers](https://msdn.microsoft.com/en-us/library/windows/desktop/aa379571(v=vs.85).aspx).
+> **Note**  A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security identifiers](security-identifiers.md).
 
 -   **Account Name** \[Type = UnicodeString\]**:** the name of the account that requested the “close object’s handle” operation.
 

windows/keep-secure/event-4660.md

@@ -79,7 +79,7 @@ The advantage of this event is that it’s generated only during real delete ope
 
 -   **Security ID** \[Type = SID\]**:** SID of account that requested the “delete object” operation. Event Viewer automatically tries to resolve SIDs and show the account name. If the SID cannot be resolved, you will see the source data in the event.
 
-> **Note**  A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security Identifiers](https://msdn.microsoft.com/en-us/library/windows/desktop/aa379571(v=vs.85).aspx).
+> **Note**  A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security identifiers](security-identifiers.md).
 
 -   **Account Name** \[Type = UnicodeString\]**:** the name of the account that requested the “delete object” operation.
 

windows/keep-secure/event-4661.md

@@ -84,7 +84,7 @@ This event generates only if Success auditing is enabled for the [Audit Handle M
 
 -   **Security ID** \[Type = SID\]**:** SID of account that requested a handle to an object. Event Viewer automatically tries to resolve SIDs and show the account name. If the SID cannot be resolved, you will see the source data in the event.
 
-> **Note**  A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security Identifiers](https://msdn.microsoft.com/en-us/library/windows/desktop/aa379571(v=vs.85).aspx).
+> **Note**  A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security identifiers](security-identifiers.md).
 
 -   **Account Name** \[Type = UnicodeString\]**:** the name of the account that requested a handle to an object.
 

windows/keep-secure/event-4662.md

@@ -84,7 +84,7 @@ You will get one 4662 for each operation type which was performed.
 
 -   **Security ID** \[Type = SID\]**:** SID of account that requested the operation. Event Viewer automatically tries to resolve SIDs and show the account name. If the SID cannot be resolved, you will see the source data in the event.
 
-> **Note**  A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security Identifiers](https://msdn.microsoft.com/en-us/library/windows/desktop/aa379571(v=vs.85).aspx).
+> **Note**  A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security identifiers](security-identifiers.md).
 
 -   **Account Name** \[Type = UnicodeString\]**:** the name of the account that requested the operation.
 

windows/keep-secure/event-4663.md

@@ -87,7 +87,7 @@ The main difference with “[4656](event-4656.md): A handle to an object was req
 
 -   **Security ID** \[Type = SID\]**:** SID of account that made an attempt to access an object. Event Viewer automatically tries to resolve SIDs and show the account name. If the SID cannot be resolved, you will see the source data in the event.
 
-> **Note**  A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security Identifiers](https://msdn.microsoft.com/en-us/library/windows/desktop/aa379571(v=vs.85).aspx).
+> **Note**  A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security identifiers](security-identifiers.md).
 
 -   **Account Name** \[Type = UnicodeString\]**:** the name of the account that made an attempt to access an object.
 

windows/keep-secure/event-4664.md

@@ -71,7 +71,7 @@ This event generates when an NTFS hard link was successfully created.
 
 -   **Security ID** \[Type = SID\]**:** SID of account that made an attempt to create the hard link. Event Viewer automatically tries to resolve SIDs and show the account name. If the SID cannot be resolved, you will see the source data in the event.
 
-> **Note**  A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security Identifiers](https://msdn.microsoft.com/en-us/library/windows/desktop/aa379571(v=vs.85).aspx).
+> **Note**  A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security identifiers](security-identifiers.md).
 
 -   **Account Name** \[Type = UnicodeString\]**:** the name of the account that made an attempt to create the hard link.
 

windows/keep-secure/event-4670.md

@@ -80,7 +80,7 @@ Before this event can generate, certain ACEs might need to be set in the object
 
 -   **Security ID** \[Type = SID\]**:** SID of account that requested the “change object’s permissions” operation. Event Viewer automatically tries to resolve SIDs and show the account name. If the SID cannot be resolved, you will see the source data in the event.
 
-> **Note**  A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security Identifiers](https://msdn.microsoft.com/en-us/library/windows/desktop/aa379571(v=vs.85).aspx).
+> **Note**  A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security identifiers](security-identifiers.md).
 
 -   **Account Name** \[Type = UnicodeString\]**:** the name of the account that requested the “change object’s permissions” operation.
 

windows/keep-secure/event-4672.md

@@ -97,7 +97,7 @@ You typically will see many of these events in the event log, because every logo
 
 -   **Security ID** \[Type = SID\]**:** SID of account to which special privileges were assigned. Event Viewer automatically tries to resolve SIDs and show the account name. If the SID cannot be resolved, you will see the source data in the event.
 
-> **Note**  A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security Identifiers](https://msdn.microsoft.com/en-us/library/windows/desktop/aa379571(v=vs.85).aspx).
+> **Note**  A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security identifiers](security-identifiers.md).
 
 -   **Account Name** \[Type = UnicodeString\]**:** the name of the account to which special privileges were assigned.
 

windows/keep-secure/event-4673.md

@@ -77,7 +77,7 @@ Failure event generates when service call attempt fails.
 
 -   **Security ID** \[Type = SID\]**:** SID of account that requested privileged operation. Event Viewer automatically tries to resolve SIDs and show the account name. If the SID cannot be resolved, you will see the source data in the event.
 
-> **Note**  A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security Identifiers](https://msdn.microsoft.com/en-us/library/windows/desktop/aa379571(v=vs.85).aspx).
+> **Note**  A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security identifiers](security-identifiers.md).
 
 -   **Account Name** \[Type = UnicodeString\]**:** the name of the account that requested privileged operation.
 

windows/keep-secure/event-4674.md

@@ -80,7 +80,7 @@ Failure event generates when operation attempt fails.
 
 -   **Security ID** \[Type = SID\]**:** SID of account that requested privileged operation. Event Viewer automatically tries to resolve SIDs and show the account name. If the SID cannot be resolved, you will see the source data in the event.
 
-> **Note**  A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security Identifiers](https://msdn.microsoft.com/en-us/library/windows/desktop/aa379571(v=vs.85).aspx).
+> **Note**  A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security identifiers](security-identifiers.md).
 
 -   **Account Name** \[Type = UnicodeString\]**:** the name of the account that requested privileged operation.
 

windows/keep-secure/event-4675.md

@@ -19,7 +19,7 @@ This event generates when SIDs were filtered for specific Active Directory trust
 
 See more information about SID filtering here: <https://technet.microsoft.com/en-us/library/cc772633(v=ws.10).aspx>.
 
-> **Note**&nbsp;&nbsp;A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security Identifiers](https://msdn.microsoft.com/en-us/library/windows/desktop/aa379571(v=vs.85).aspx).
+> **Note**&nbsp;&nbsp;A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security identifiers](security-identifiers.md).
 
 There is no example of this event in this document.
 

windows/keep-secure/event-4688.md

@@ -95,7 +95,7 @@ This event generates every time a new process starts.
 
 -   **Security ID** \[Type = SID\]**:** SID of account that requested the “create process” operation. Event Viewer automatically tries to resolve SIDs and show the account name. If the SID cannot be resolved, you will see the source data in the event.
 
-> **Note**  A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security Identifiers](https://msdn.microsoft.com/en-us/library/windows/desktop/aa379571(v=vs.85).aspx).
+> **Note**  A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security identifiers](security-identifiers.md).
 
 -   **Account Name** \[Type = UnicodeString\]**:** the name of the account that requested the “create process” operation.
 
@@ -119,7 +119,7 @@ This event generates every time a new process starts.
 
 -   **Security ID** \[Type = SID\] \[Version 2\]**:** SID of target account. Event Viewer automatically tries to resolve SIDs and show the account name. If the SID cannot be resolved, you will see the source data in the event.
 
-> **Note**  A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security Identifiers](https://msdn.microsoft.com/en-us/library/windows/desktop/aa379571(v=vs.85).aspx).
+> **Note**  A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security identifiers](security-identifiers.md).
 
 -   **Account Name** \[Type = UnicodeString\] \[Version 2\]**:** the name of the target account.
 

windows/keep-secure/event-4689.md

@@ -71,7 +71,7 @@ This event generates every time a process has exited.
 
 -   **Security ID** \[Type = SID\]**:** SID of account that requested the “terminate process” operation. Event Viewer automatically tries to resolve SIDs and show the account name. If the SID cannot be resolved, you will see the source data in the event.
 
-> **Note**  A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security Identifiers](https://msdn.microsoft.com/en-us/library/windows/desktop/aa379571(v=vs.85).aspx).
+> **Note**  A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security identifiers](security-identifiers.md).
 
 -   **Account Name** \[Type = UnicodeString\]**:** the name of the account that requested the “terminate process” operation.
 

windows/keep-secure/event-4690.md

@@ -72,7 +72,7 @@ This event generates if an attempt was made to duplicate a handle to an object.
 
 -   **Security ID** \[Type = SID\]**:** SID of account that made an attempt to duplicate a handle to an object. Event Viewer automatically tries to resolve SIDs and show the account name. If the SID cannot be resolved, you will see the source data in the event.
 
-> **Note**  A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security Identifiers](https://msdn.microsoft.com/en-us/library/windows/desktop/aa379571(v=vs.85).aspx).
+> **Note**  A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security identifiers](security-identifiers.md).
 
 -   **Account Name** \[Type = UnicodeString\]**:** the name of the account that made an attempt to duplicate a handle to an object.
 

windows/keep-secure/event-4691.md

@@ -75,7 +75,7 @@ These events are generated for [ALPC Ports](https://msdn.microsoft.com/en-us/lib
 
 -   **Security ID** \[Type = SID\]**:** SID of account that requested an access to the object. Event Viewer automatically tries to resolve SIDs and show the account name. If the SID cannot be resolved, you will see the source data in the event.
 
-> **Note**  A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security Identifiers](https://msdn.microsoft.com/en-us/library/windows/desktop/aa379571(v=vs.85).aspx).
+> **Note**  A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security identifiers](security-identifiers.md).
 
 -   **Account Name** \[Type = UnicodeString\]**:** the name of the account that requested an access to the object.
 

windows/keep-secure/event-4692.md

@@ -82,7 +82,7 @@ Failure event generates when a Master Key backup operation fails for some reason
 
 -   **Security ID** \[Type = SID\]**:** SID of account that requested backup operation. Event Viewer automatically tries to resolve SIDs and show the account name. If the SID cannot be resolved, you will see the source data in the event.
 
-> **Note**  A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security Identifiers](https://msdn.microsoft.com/en-us/library/windows/desktop/aa379571(v=vs.85).aspx).
+> **Note**  A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security identifiers](security-identifiers.md).
 
 -   **Account Name** \[Type = UnicodeString\]**:** the name of the account that requested backup operation.
 

windows/keep-secure/event-4693.md

@@ -79,7 +79,7 @@ Failure event generates when a Master Key restore operation fails for some reaso
 
 -   **Security ID** \[Type = SID\]**:** SID of account that requested the “recover” operation. Event Viewer automatically tries to resolve SIDs and show the account name. If the SID cannot be resolved, you will see the source data in the event.
 
-> **Note**  A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security Identifiers](https://msdn.microsoft.com/en-us/library/windows/desktop/aa379571(v=vs.85).aspx).
+> **Note**  A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security identifiers](security-identifiers.md).
 
 -   **Account Name** \[Type = UnicodeString\]**:** the name of the account that requested the “recover” operation.
 

windows/keep-secure/event-4696.md

@@ -78,7 +78,7 @@ This event generates every time a process runs using the non-current access toke
 
 -   **Security ID** \[Type = SID\]**:** SID of account that requested the “assign token to process” operation. Event Viewer automatically tries to resolve SIDs and show the account name. If the SID cannot be resolved, you will see the source data in the event.
 
-> **Note**  A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security Identifiers](https://msdn.microsoft.com/en-us/library/windows/desktop/aa379571(v=vs.85).aspx).
+> **Note**  A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security identifiers](security-identifiers.md).
 
 -   **Account Name** \[Type = UnicodeString\]**:** the name of the account that requested the “assign token to process” operation.
 
@@ -120,7 +120,7 @@ This event generates every time a process runs using the non-current access toke
 
 -   **Security ID** \[Type = SID\]**:** SID of account through which the security token will be assigned to the new process. Event Viewer automatically tries to resolve SIDs and show the account name. If the SID cannot be resolved, you will see the source data in the event.
 
-> **Note**  A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security Identifiers](https://msdn.microsoft.com/en-us/library/windows/desktop/aa379571(v=vs.85).aspx).
+> **Note**  A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security identifiers](security-identifiers.md).
 
 -   **Account Name** \[Type = UnicodeString\]**:** the name of the account through which the security token will be assigned to the new process.
 

windows/keep-secure/event-4697.md

@@ -73,7 +73,7 @@ This event generates when new service was installed in the system.
 
 -   **Security ID** \[Type = SID\]**:** SID of account that was used to install the service. Event Viewer automatically tries to resolve SIDs and show the account name. If the SID cannot be resolved, you will see the source data in the event.
 
-> **Note**  A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security Identifiers](https://msdn.microsoft.com/en-us/library/windows/desktop/aa379571(v=vs.85).aspx).
+> **Note**  A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security identifiers](security-identifiers.md).
 
 -   **Account Name** \[Type = UnicodeString\]**:** the name of the account that was used to install the service.
 

windows/keep-secure/event-4698.md

@@ -70,7 +70,7 @@ This event generates every time a new scheduled task is created.
 
 -   **Security ID** \[Type = SID\]**:** SID of account that requested the “create scheduled task” operation. Event Viewer automatically tries to resolve SIDs and show the account name. If the SID cannot be resolved, you will see the source data in the event.
 
-> **Note**  A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security Identifiers](https://msdn.microsoft.com/en-us/library/windows/desktop/aa379571(v=vs.85).aspx).
+> **Note**  A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security identifiers](security-identifiers.md).
 
 -   **Account Name** \[Type = UnicodeString\]**:** the name of the account that requested the “create scheduled task” operation.
 

windows/keep-secure/event-4699.md

@@ -70,7 +70,7 @@ This event generates every time a scheduled task was deleted.
 
 -   **Security ID** \[Type = SID\]**:** SID of account that requested the “delete scheduled task” operation. Event Viewer automatically tries to resolve SIDs and show the account name. If the SID cannot be resolved, you will see the source data in the event.
 
-> **Note**  A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security Identifiers](https://msdn.microsoft.com/en-us/library/windows/desktop/aa379571(v=vs.85).aspx).
+> **Note**  A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security identifiers](security-identifiers.md).
 
 -   **Account Name** \[Type = UnicodeString\]**:** the name of the account that requested the “delete scheduled task” operation.
 

windows/keep-secure/event-4700.md

@@ -70,7 +70,7 @@ This event generates every time a scheduled task is enabled.
 
 -   **Security ID** \[Type = SID\]**:** SID of account that requested the “enable scheduled task” operation. Event Viewer automatically tries to resolve SIDs and show the account name. If the SID cannot be resolved, you will see the source data in the event.
 
-> **Note**  A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security Identifiers](https://msdn.microsoft.com/en-us/library/windows/desktop/aa379571(v=vs.85).aspx).
+> **Note**  A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security identifiers](security-identifiers.md).
 
 -   **Account Name** \[Type = UnicodeString\]**:** the name of the account that requested the “enable scheduled task” operation.
 

windows/keep-secure/event-4701.md

@@ -70,7 +70,7 @@ This event generates every time a scheduled task is disabled.
 
 -   **Security ID** \[Type = SID\]**:** SID of account that requested the “enable scheduled task” operation. Event Viewer automatically tries to resolve SIDs and show the account name. If the SID cannot be resolved, you will see the source data in the event.
 
-> **Note**  A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security Identifiers](https://msdn.microsoft.com/en-us/library/windows/desktop/aa379571(v=vs.85).aspx).
+> **Note**  A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security identifiers](security-identifiers.md).
 
 -   **Account Name** \[Type = UnicodeString\]**:** the name of the account that requested the “enable scheduled task” operation.
 

windows/keep-secure/event-4702.md

@@ -70,7 +70,7 @@ This event generates every time scheduled task was updated/changed.
 
 -   **Security ID** \[Type = SID\]**:** SID of account that requested the “change/update scheduled task” operation. Event Viewer automatically tries to resolve SIDs and show the account name. If the SID cannot be resolved, you will see the source data in the event.
 
-> **Note**  A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security Identifiers](https://msdn.microsoft.com/en-us/library/windows/desktop/aa379571(v=vs.85).aspx).
+> **Note**  A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security identifiers](security-identifiers.md).
 
 -   **Account Name** \[Type = UnicodeString\]**:** the name of the account that requested the “change/update scheduled task” operation.
 

windows/keep-secure/event-4703.md

@@ -80,7 +80,7 @@ Token privileges provide the ability to take certain system-level actions that y
 
 -   **Security ID** \[Type = SID\]**:** SID of account that requested the “enable” or “disable” operation for **Target Account** privileges. Event Viewer automatically tries to resolve SIDs and show the account name. If the SID cannot be resolved, you will see the source data in the event.
 
-> **Note**  A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security Identifiers](https://msdn.microsoft.com/en-us/library/windows/desktop/aa379571(v=vs.85).aspx).
+> **Note**  A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security identifiers](security-identifiers.md).
 
 -   **Account Name** \[Type = UnicodeString\]**:** the name of the account that requested the “enable” or “disable” operation for **Target Account** privileges.
 
@@ -102,7 +102,7 @@ Token privileges provide the ability to take certain system-level actions that y
 
 -   **Security ID** \[Type = SID\]**:** SID of account for which privileges were enabled or disabled. Event Viewer automatically tries to resolve SIDs and show the account name. If the SID cannot be resolved, you will see the source data in the event.
 
-> **Note**  A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security Identifiers](https://msdn.microsoft.com/en-us/library/windows/desktop/aa379571(v=vs.85).aspx).
+> **Note**  A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security identifiers](security-identifiers.md).
 
 -   **Account Name** \[Type = UnicodeString\]**:** the name of the account for which privileges were enabled or disabled.
 

windows/keep-secure/event-4704.md

@@ -72,7 +72,7 @@ You will see unique event for every user.
 
 -   **Security ID** \[Type = SID\]**:** SID of account that made a change to local user right policy. Event Viewer automatically tries to resolve SIDs and show the account name. If the SID cannot be resolved, you will see the source data in the event.
 
-> **Note**  A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security Identifiers](https://msdn.microsoft.com/en-us/library/windows/desktop/aa379571(v=vs.85).aspx).
+> **Note**  A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security identifiers](security-identifiers.md).
 
 -   **Account Name** \[Type = UnicodeString\]**:** the name of the account that made a change to local user right policy.
 

windows/keep-secure/event-4705.md

@@ -72,7 +72,7 @@ You will see unique event for every user.
 
 -   **Security ID** \[Type = SID\]**:** SID of account that made a change to local user right policy. Event Viewer automatically tries to resolve SIDs and show the account name. If the SID cannot be resolved, you will see the source data in the event.
 
-> **Note**  A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security Identifiers](https://msdn.microsoft.com/en-us/library/windows/desktop/aa379571(v=vs.85).aspx).
+> **Note**  A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security identifiers](security-identifiers.md).
 
 -   **Account Name** \[Type = UnicodeString\]**:** the name of the account that made a change to local user right policy.
 

windows/keep-secure/event-4706.md

@@ -76,7 +76,7 @@ This event is generated only on domain controllers.
 
 -   **Security ID** \[Type = SID\]**:** SID of account that requested the “create domain trust” operation. Event Viewer automatically tries to resolve SIDs and show the account name. If the SID cannot be resolved, you will see the source data in the event.
 
-> **Note**  A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security Identifiers](https://msdn.microsoft.com/en-us/library/windows/desktop/aa379571(v=vs.85).aspx).
+> **Note**  A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security identifiers](security-identifiers.md).
 
 -   **Account Name** \[Type = UnicodeString\]**:** the name of the account that requested the “create domain trust” operation.
 

windows/keep-secure/event-4707.md

@@ -72,7 +72,7 @@ This event is generated only on domain controllers.
 
 -   **Security ID** \[Type = SID\]**:** SID of account that requested the “remove domain trust” operation. Event Viewer automatically tries to resolve SIDs and show the account name. If the SID cannot be resolved, you will see the source data in the event.
 
-> **Note**  A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security Identifiers](https://msdn.microsoft.com/en-us/library/windows/desktop/aa379571(v=vs.85).aspx).
+> **Note**  A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security identifiers](security-identifiers.md).
 
 -   **Account Name** \[Type = UnicodeString\]**:** the name of the account that requested the “remove domain trust” operation.
 

windows/keep-secure/event-4713.md

@@ -71,7 +71,7 @@ This event is generated only on domain controllers.
 
 -   **Security ID** \[Type = SID\]**:** SID of account that made a change to Kerberos policy. Event Viewer automatically tries to resolve SIDs and show the account name. If the SID cannot be resolved, you will see the source data in the event.
 
-> **Note**  A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security Identifiers](https://msdn.microsoft.com/en-us/library/windows/desktop/aa379571(v=vs.85).aspx).
+> **Note**  A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security identifiers](security-identifiers.md).
 
 -   **Account Name** \[Type = UnicodeString\]**:** the name of the account that made a change to Kerberos policy.
 

windows/keep-secure/event-4715.md

@@ -72,7 +72,7 @@ This event is always logged regardless of the "Audit Policy Change" sub-category
 
 -   **Security ID** \[Type = SID\]**:** SID of account that requested the “change local audit policy security descriptor (SACL)” operation. Event Viewer automatically tries to resolve SIDs and show the account name. If the SID cannot be resolved, you will see the source data in the event.
 
-> **Note**  A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security Identifiers](https://msdn.microsoft.com/en-us/library/windows/desktop/aa379571(v=vs.85).aspx).
+> **Note**  A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security identifiers](security-identifiers.md).
 
 -   **Account Name** \[Type = UnicodeString\]**:** the name of the account that requested the “change local audit policy security descriptor (SACL)” operation.
 

windows/keep-secure/event-4716.md

@@ -76,7 +76,7 @@ This event is generated only on domain controllers.
 
 -   **Security ID** \[Type = SID\]**:** SID of account that requested the “modify domain trust settings” operation. Event Viewer automatically tries to resolve SIDs and show the account name. If the SID cannot be resolved, you will see the source data in the event.
 
-> **Note**  A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security Identifiers](https://msdn.microsoft.com/en-us/library/windows/desktop/aa379571(v=vs.85).aspx).
+> **Note**  A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security identifiers](security-identifiers.md).
 
 -   **Account Name** \[Type = UnicodeString\]**:** the name of the account that requested the “modify domain trust settings” operation.
 

windows/keep-secure/event-4717.md

@@ -72,7 +72,7 @@ You will see unique event for every user if logon user rights were granted to mu
 
 -   **Security ID** \[Type = SID\]**:** SID of account that made a change to local logon right user policy. Event Viewer automatically tries to resolve SIDs and show the account name. If the SID cannot be resolved, you will see the source data in the event.
 
-> **Note**  A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security Identifiers](https://msdn.microsoft.com/en-us/library/windows/desktop/aa379571(v=vs.85).aspx).
+> **Note**  A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security identifiers](security-identifiers.md).
 
 -   **Account Name** \[Type = UnicodeString\]**:** the name of the account that made a change to local logon right user policy.
 

windows/keep-secure/event-4718.md

@@ -72,7 +72,7 @@ You will see unique event for every user if logon user rights were removed for m
 
 -   **Security ID** \[Type = SID\]**:** SID of account that made a change to local logon right user policy. Event Viewer automatically tries to resolve SIDs and show the account name. If the SID cannot be resolved, you will see the source data in the event.
 
-> **Note**  A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security Identifiers](https://msdn.microsoft.com/en-us/library/windows/desktop/aa379571(v=vs.85).aspx).
+> **Note**  A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security identifiers](security-identifiers.md).
 
 -   **Account Name** \[Type = UnicodeString\]**:** the name of the account that made a change to local logon right user policy.
 

windows/keep-secure/event-4719.md

@@ -74,7 +74,7 @@ This event is always logged regardless of the "Audit Policy Change" sub-category
 
 -   **Security ID** \[Type = SID\]**:** SID of account that made a change to local audit policy. Event Viewer automatically tries to resolve SIDs and show the account name. If the SID cannot be resolved, you will see the source data in the event.
 
-> **Note**  A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security Identifiers](https://msdn.microsoft.com/en-us/library/windows/desktop/aa379571(v=vs.85).aspx).
+> **Note**  A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security identifiers](security-identifiers.md).
 
 -   **Account Name** \[Type = UnicodeString\]**:** the name of the account that made a change to local audit policy.
 

windows/keep-secure/event-4720.md

@@ -92,7 +92,7 @@ This event generates on domain controllers, member servers, and workstations.
 
 -   **Security ID** \[Type = SID\]**:** SID of account that requested the “create user account” operation. Event Viewer automatically tries to resolve SIDs and show the account name. If the SID cannot be resolved, you will see the source data in the event.
 
-> **Note**  A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security Identifiers](https://msdn.microsoft.com/en-us/library/windows/desktop/aa379571(v=vs.85).aspx).
+> **Note**  A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security identifiers](security-identifiers.md).
 
 -   **Account Name** \[Type = UnicodeString\]**:** the name of the account that requested the “create user account” operation.
 

windows/keep-secure/event-4722.md

@@ -75,7 +75,7 @@ For computer accounts, this event generates only on domain controllers.
 
 -   **Security ID** \[Type = SID\]**:** SID of account that requested the “enable account” operation. Event Viewer automatically tries to resolve SIDs and show the account name. If the SID cannot be resolved, you will see the source data in the event.
 
-> **Note**  A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security Identifiers](https://msdn.microsoft.com/en-us/library/windows/desktop/aa379571(v=vs.85).aspx).
+> **Note**  A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security identifiers](security-identifiers.md).
 
 -   **Account Name** \[Type = UnicodeString\]**:** the name of the account that requested the “enable account” operation.
 

windows/keep-secure/event-4723.md

@@ -82,7 +82,7 @@ Typically you will see 4723 events with the same **Subject\\Security ID** and **
 
 -   **Security ID** \[Type = SID\]**:** SID of account that made an attempt to change Target’s Account password. Event Viewer automatically tries to resolve SIDs and show the account name. If the SID cannot be resolved, you will see the source data in the event.
 
-> **Note**  A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security Identifiers](https://msdn.microsoft.com/en-us/library/windows/desktop/aa379571(v=vs.85).aspx).
+> **Note**  A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security identifiers](security-identifiers.md).
 
 -   **Account Name** \[Type = UnicodeString\]**:** the name of the account that made an attempt to change Target’s Account password.
 

windows/keep-secure/event-4724.md

@@ -81,7 +81,7 @@ For local accounts, a Failure event generates if the new password fails to meet
 
 -   **Security ID** \[Type = SID\]**:** SID of account that made an attempt to reset Target’s Account password. Event Viewer automatically tries to resolve SIDs and show the account name. If the SID cannot be resolved, you will see the source data in the event.
 
-> **Note**  A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security Identifiers](https://msdn.microsoft.com/en-us/library/windows/desktop/aa379571(v=vs.85).aspx).
+> **Note**  A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security identifiers](security-identifiers.md).
 
 -   **Account Name** \[Type = UnicodeString\]**:** the name of the account that made an attempt to reset Target’s Account password.
 

windows/keep-secure/event-4725.md

@@ -75,7 +75,7 @@ For computer accounts, this event generates only on domain controllers.
 
 -   **Security ID** \[Type = SID\]**:** SID of account that requested the “disable account” operation. Event Viewer automatically tries to resolve SIDs and show the account name. If the SID cannot be resolved, you will see the source data in the event.
 
-> **Note**  A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security Identifiers](https://msdn.microsoft.com/en-us/library/windows/desktop/aa379571(v=vs.85).aspx).
+> **Note**  A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security identifiers](security-identifiers.md).
 
 -   **Account Name** \[Type = UnicodeString\]**:** the name of the account that requested the “disable account” operation.
 

windows/keep-secure/event-4726.md

@@ -74,7 +74,7 @@ This event generates on domain controllers, member servers, and workstations.
 
 -   **Security ID** \[Type = SID\]**:** SID of account that requested the “delete user account” operation. Event Viewer automatically tries to resolve SIDs and show the account name. If the SID cannot be resolved, you will see the source data in the event.
 
-> **Note**  A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security Identifiers](https://msdn.microsoft.com/en-us/library/windows/desktop/aa379571(v=vs.85).aspx).
+> **Note**  A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security identifiers](security-identifiers.md).
 
 -   **Account Name** \[Type = UnicodeString\]**:** the name of the account that requested the “delete user account” operation.
 

windows/keep-secure/event-4731.md

@@ -76,7 +76,7 @@ This event generates on domain controllers, member servers, and workstations.
 
 -   **Security ID** \[Type = SID\]**:** SID of account that requested the “create group” operation. Event Viewer automatically tries to resolve SIDs and show the account name. If the SID cannot be resolved, you will see the source data in the event.
 
-> **Note**  A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security Identifiers](https://msdn.microsoft.com/en-us/library/windows/desktop/aa379571(v=vs.85).aspx).
+> **Note**  A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security identifiers](security-identifiers.md).
 
 -   **Account Name** \[Type = UnicodeString\]**:** the name of the account that requested the “create group” operation.
 

windows/keep-secure/event-4732.md

@@ -80,7 +80,7 @@ You will typically see “[4735](event-4735.md): A security-enabled local group
 
 -   **Security ID** \[Type = SID\]**:** SID of account that requested the “add member to the group” operation. Event Viewer automatically tries to resolve SIDs and show the account name. If the SID cannot be resolved, you will see the source data in the event.
 
-> **Note**  A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security Identifiers](https://msdn.microsoft.com/en-us/library/windows/desktop/aa379571(v=vs.85).aspx).
+> **Note**  A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security identifiers](security-identifiers.md).
 
 -   **Account Name** \[Type = UnicodeString\]**:** the name of the account that requested the “add member to the group” operation.
 

windows/keep-secure/event-4733.md

@@ -80,7 +80,7 @@ You will typically see “[4735](event-4735.md): A security-enabled local group
 
 -   **Security ID** \[Type = SID\]**:** SID of account that requested the “remove member from the group” operation. Event Viewer automatically tries to resolve SIDs and show the account name. If the SID cannot be resolved, you will see the source data in the event.
 
-> **Note**  A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security Identifiers](https://msdn.microsoft.com/en-us/library/windows/desktop/aa379571(v=vs.85).aspx).
+> **Note**  A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security identifiers](security-identifiers.md).
 
 -   **Account Name** \[Type = UnicodeString\]**:** the name of the account that requested the “remove member from the group” operation.
 

windows/keep-secure/event-4734.md

@@ -74,7 +74,7 @@ This event generates on domain controllers, member servers, and workstations.
 
 -   **Security ID** \[Type = SID\]**:** SID of account that requested the “delete group” operation. Event Viewer automatically tries to resolve SIDs and show the account name. If the SID cannot be resolved, you will see the source data in the event.
 
-> **Note**  A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security Identifiers](https://msdn.microsoft.com/en-us/library/windows/desktop/aa379571(v=vs.85).aspx).
+> **Note**  A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security identifiers](security-identifiers.md).
 
 -   **Account Name** \[Type = UnicodeString\]**:** the name of the account that requested the “delete group” operation.
 

windows/keep-secure/event-4735.md

@@ -84,7 +84,7 @@ From 4735 event you can get information about changes of **sAMAccountName** and
 
 -   **Security ID** \[Type = SID\]**:** SID of account that requested the “change group” operation. Event Viewer automatically tries to resolve SIDs and show the account name. If the SID cannot be resolved, you will see the source data in the event.
 
-> **Note**  A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security Identifiers](https://msdn.microsoft.com/en-us/library/windows/desktop/aa379571(v=vs.85).aspx).
+> **Note**  A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security identifiers](security-identifiers.md).
 
 -   **Account Name** \[Type = UnicodeString\]**:** the name of the account that requested the “change group” operation.
 

windows/keep-secure/event-4738.md

@@ -99,7 +99,7 @@ Some changes do not invoke a 4738 event.
 
 -   **Security ID** \[Type = SID\]**:** SID of account that requested the “change user account” operation. Event Viewer automatically tries to resolve SIDs and show the account name. If the SID cannot be resolved, you will see the source data in the event.
 
-> **Note**  A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security Identifiers](https://msdn.microsoft.com/en-us/library/windows/desktop/aa379571(v=vs.85).aspx).
+> **Note**  A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security identifiers](security-identifiers.md).
 
 -   **Account Name** \[Type = UnicodeString\]**:** the name of the account that requested the “change user account” operation.
 

windows/keep-secure/event-4739.md

@@ -102,7 +102,7 @@ This event generates when one of the following changes was made to local compute
 
 -   **Security ID** \[Type = SID\]**:** SID of account that made a change to specific local policy. Event Viewer automatically tries to resolve SIDs and show the account name. If the SID cannot be resolved, you will see the source data in the event.
 
-> **Note**  A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security Identifiers](https://msdn.microsoft.com/en-us/library/windows/desktop/aa379571(v=vs.85).aspx).
+> **Note**  A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security identifiers](security-identifiers.md).
 
 -   **Account Name** \[Type = UnicodeString\]**:** the name of the account that made a change to specific local policy.
 

windows/keep-secure/event-4740.md

@@ -73,7 +73,7 @@ For user accounts, this event generates on domain controllers, member servers, a
 
 -   **Security ID** \[Type = SID\]**:** SID of account that performed the lockout operation. Event Viewer automatically tries to resolve SIDs and show the account name. If the SID cannot be resolved, you will see the source data in the event.
 
-> **Note**  A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security Identifiers](https://msdn.microsoft.com/en-us/library/windows/desktop/aa379571(v=vs.85).aspx).
+> **Note**  A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security identifiers](security-identifiers.md).
 
 -   **Account Name** \[Type = UnicodeString\]**:** the name of the account that performed the lockout operation.
 

windows/keep-secure/event-4741.md

@@ -94,7 +94,7 @@ This event generates only on domain controllers.
 
 -   **Security ID** \[Type = SID\]**:** SID of account that requested the “create Computer object” operation. Event Viewer automatically tries to resolve SIDs and show the account name. If the SID cannot be resolved, you will see the source data in the event.
 
-> **Note**  A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security Identifiers](https://msdn.microsoft.com/en-us/library/windows/desktop/aa379571(v=vs.85).aspx).
+> **Note**  A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security identifiers](security-identifiers.md).
 
 -   **Account Name** \[Type = UnicodeString\]**:** the name of the account that requested the “create Computer object” operation.
 

windows/keep-secure/event-4742.md

@@ -105,7 +105,7 @@ You might see this event without any changes inside, that is, where all **Change
 
 -   **Security ID** \[Type = SID\]**:** SID of account that requested the “change Computer object” operation. Event Viewer automatically tries to resolve SIDs and show the account name. If the SID cannot be resolved, you will see the source data in the event.
 
-> **Note**  A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security Identifiers](https://msdn.microsoft.com/en-us/library/windows/desktop/aa379571(v=vs.85).aspx).
+> **Note**  A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security identifiers](security-identifiers.md).
 
 -   **Account Name** \[Type = UnicodeString\]**:** the name of the account that requested the “change Computer object” operation.
 

windows/keep-secure/event-4743.md

@@ -74,7 +74,7 @@ This event generates only on domain controllers.
 
 -   **Security ID** \[Type = SID\]**:** SID of account that requested the “delete Computer object” operation. Event Viewer automatically tries to resolve SIDs and show the account name. If the SID cannot be resolved, you will see the source data in the event.
 
-> **Note**  A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security Identifiers](https://msdn.microsoft.com/en-us/library/windows/desktop/aa379571(v=vs.85).aspx).
+> **Note**  A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security identifiers](security-identifiers.md).
 
 -   **Account Name** \[Type = UnicodeString\]**:** the name of the account that requested the “delete Computer object” operation.
 

windows/keep-secure/event-4749.md

@@ -76,7 +76,7 @@ This event generates only on domain controllers.
 
 -   **Security ID** \[Type = SID\]**:** SID of account that requested the “create group” operation. Event Viewer automatically tries to resolve SIDs and show the account name. If the SID cannot be resolved, you will see the source data in the event.
 
-> **Note**  A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security Identifiers](https://msdn.microsoft.com/en-us/library/windows/desktop/aa379571(v=vs.85).aspx).
+> **Note**  A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security identifiers](security-identifiers.md).
 
 -   **Account Name** \[Type = UnicodeString\]**:** the name of the account that requested the “create group” operation.
 

windows/keep-secure/event-4750.md

@@ -84,7 +84,7 @@ From 4750 event you can get information about changes of **sAMAccountName** and
 
 -   **Security ID** \[Type = SID\]**:** SID of account that requested the “change group” operation. Event Viewer automatically tries to resolve SIDs and show the account name. If the SID cannot be resolved, you will see the source data in the event.
 
-> **Note**  A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security Identifiers](https://msdn.microsoft.com/en-us/library/windows/desktop/aa379571(v=vs.85).aspx).
+> **Note**  A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security identifiers](security-identifiers.md).
 
 -   **Account Name** \[Type = UnicodeString\]**:** the name of the account that requested the “change group” operation.
 

windows/keep-secure/event-4751.md

@@ -80,7 +80,7 @@ You will typically see “[4750](event-4750.md): A security-disabled global grou
 
 -   **Security ID** \[Type = SID\]**:** SID of account that requested the “add member to the group” operation. Event Viewer automatically tries to resolve SIDs and show the account name. If the SID cannot be resolved, you will see the source data in the event.
 
-> **Note**  A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security Identifiers](https://msdn.microsoft.com/en-us/library/windows/desktop/aa379571(v=vs.85).aspx).
+> **Note**  A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security identifiers](security-identifiers.md).
 
 -   **Account Name** \[Type = UnicodeString\]**:** the name of the account that requested the “add member to the group” operation.
 

windows/keep-secure/event-4752.md

@@ -78,7 +78,7 @@ For every removed member you will get separate 4752 event.
 
 -   **Security ID** \[Type = SID\]**:** SID of account that requested the “remove member from the group” operation. Event Viewer automatically tries to resolve SIDs and show the account name. If the SID cannot be resolved, you will see the source data in the event.
 
-> **Note**  A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security Identifiers](https://msdn.microsoft.com/en-us/library/windows/desktop/aa379571(v=vs.85).aspx).
+> **Note**  A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security identifiers](security-identifiers.md).
 
 -   **Account Name** \[Type = UnicodeString\]**:** the name of the account that requested the “remove member from the group” operation.
 

windows/keep-secure/event-4753.md

@@ -74,7 +74,7 @@ This event generates only on domain controllers.
 
 -   **Security ID** \[Type = SID\]**:** SID of account that requested the “delete group” operation. Event Viewer automatically tries to resolve SIDs and show the account name. If the SID cannot be resolved, you will see the source data in the event.
 
-> **Note**  A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security Identifiers](https://msdn.microsoft.com/en-us/library/windows/desktop/aa379571(v=vs.85).aspx).
+> **Note**  A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security identifiers](security-identifiers.md).
 
 -   **Account Name** \[Type = UnicodeString\]**:** the name of the account that requested the “delete group” operation.
 

windows/keep-secure/event-4764.md

@@ -76,7 +76,7 @@ This event generates only on domain controllers.
 
 -   **Security ID** \[Type = SID\]**:** SID of account that requested the “change group type” operation. Event Viewer automatically tries to resolve SIDs and show the account name. If the SID cannot be resolved, you will see the source data in the event.
 
-> **Note**  A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security Identifiers](https://msdn.microsoft.com/en-us/library/windows/desktop/aa379571(v=vs.85).aspx).
+> **Note**  A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security identifiers](security-identifiers.md).
 
 -   **Account Name** \[Type = UnicodeString\]**:** the name of the account that requested the “change group type” operation.